... this >>> release. > > pf(4) has nothing to do with isakmpd(8), ... -XAUTH > VPN Road-warrior clients > - PIX has functional object-groups/group ... when you use 7.X and above version of image. In ... the OP: We use ASA and OpenBSD in our production environment ...

openbsd-misc - Prabhu Gurumurthy - Nov 7 2007 - 21:34

... in this > > > > release. > > > > > > > > > > > pf(4) has nothing to do with isakmpd(8), ... Hybrid-XAUTH > > VPN Road-warrior clients > > - PIX has functional object-groups/group-object ... To the OP: > We use ASA and OpenBSD in our production environment ...

openbsd-misc - José Costa - Apr 11 2008 - 07:32

... easily setup and functional Hybrid-XAUTH > VPN Road-warrior clients OpenBSD's isakmpd does not ... the systems in physically different locations. > - PIX/ASA has some magical black-box ... 2. Try playing with queueing in PF to handle some types of traffic ...

openbsd-misc - Reyk Floeter - Apr 10 2008 - 06:27

... this > > release. pf(4) has nothing to do with isakmpd(8 ... object-groups/group-object inheritance - PIX/ASA has proprietary serial console ... with NAT and IPSec and 802.1q support. OpenBSD will always ... Try playing with queueing in PF to handle some types of ...

openbsd-misc - Brian A Seklecki (Mobile) - Nov 5 2007 - 15:26

... Friday, April 25, 2008 7:39 PM > To: misc@openbsd.org ... Subject: Re: OpenBSD isakmpd and pf vs Cisco PIX or ASA ... org> > wrote: > > ... > I've benchmarked PIX 515s running 7.2 code using stateful > failover and the proprietary serial cable. Powering ...

openbsd-misc - Steven Surdock - Apr 25 2008 - 21:21

... don't know about ASA, but the 5xx PIX doesn't support IPv6 > > > > like the lucent boxes and many other systems. ... a very basic way sometimes not even > statefully. > Or like on the ASA ... to freeze once a week and Cisco just does not care ...

openbsd-misc - Claudio Jeker - Apr 10 2008 - 07:04

... we have: | Some say that isakmpd is resource intensive. What is ... easy to roll out, configure and the cost the most. | > | > I ... maintain their own firewalls and VPNs and it appears to us ... consider a non OpenBSD solutions, ie Cisco devs or | > should I ...

openbsd-misc - Todd T. Fries - Nov 7 2007 - 20:09

... Apr 2008 12:27:32 +0200, Reyk Floeter wrote: >> - PIX/ASA has some magical black-box inline transparent protocol ... a look at http://www.postfix.org/postconf.5.html and search the page for pix. Not too transparent either. Please don't reply to the ...

openbsd-misc - Rod Whitworth - Apr 10 2008 - 07:29

... easy to roll out, configure and the cost the most. > > > > I ... identical > > bandwidth. We have an OpenBSD VPN/firewall at our main ... consider a non OpenBSD solutions, ie Cisco > > devs or should I ... Try playing with queueing in PF to handle some types of ...

openbsd-misc - Martin Toft - Nov 5 2007 - 02:23

Some say that isakmpd is resource intensive. What is the recommended ... easy to roll out, configure and the cost the most. > > I ... of our data > does transpose OpenBSD before it ultimately hits our ... consider a non OpenBSD solutions, ie Cisco devs or > should I ...

openbsd-misc - Chris Bullock - Nov 5 2007 - 20:14

On Mon, 05 Nov 2007 14:26:48 -0500, Brian A Seklecki (Mobile) wrote: >- PIX/ASA has some magical black-box inline transparent protocol >"fixups" People who have met those when trying to send mail will tell you ...

openbsd-misc - RW - Nov 5 2007 - 17:23

Have you try openbsd 4.2 ? PF have been really improved in ... its easy to roll out, configure and the cost the most. > > I ... identical bandwidth. We have an > OpenBSD VPN/firewall at our main ... I consider a non OpenBSD solutions, ie Cisco devs or > should I ...

openbsd-misc - Cabillot Julien - Nov 4 2007 - 20:29

... Brian A Seklecki (Mobile) wrote: > - PIX/ASA has proprietary serial console fail-over ( ... Ethernet cable for pfsync and the common failure scenario is power failure (or at least something that brings down the pfsync ...

openbsd-misc - Matthew Dempsky - Apr 10 2008 - 15:52

... easy to roll out, configure and the cost the most. I ... identical bandwidth. We have an OpenBSD VPN/firewall at our main ... of our data does transpose OpenBSD before it ultimately hits our ... I consider a non OpenBSD solutions, ie Cisco devs or should I ...

openbsd-misc - Chris Bullock - Nov 4 2007 - 20:09

... never had problems with carp's fallover time and > I've never used a Cisco firewall so I don't ... time was a problem. > I've benchmarked PIX 515s running 7.2 code using stateful failover and the proprietary serial cable. Powering down the ...

openbsd-misc - Karsten McMinn - Apr 25 2008 - 19:39

... sites that we maintain with > OpenBSD firewalls and VPNs, assuming identical bandwidth. < ... do some conclusive transfer tests please or explain what you mean when you ... it appears". FWIW, I've benchmarked PIX stateful failover using their fancy serial ...

openbsd-misc - Karsten McMinn - Nov 7 2007 - 20:50

... at 4:12 AM, Henning Brauer openbsd@bsws.de> wrote: > fwB's slave carp interfaces notice the "watchdev" going down and > go to master. great, now we have ... had problems with carp's fallover time and I've never used a Cisco firewall so I don ...

openbsd-misc - Matthew Dempsky - Apr 11 2008 - 12:13

... at 4:12 AM, Henning Brauer openbsd@bsws.de> wrote: > > fwB's slave carp interfaces notice the "watchdev" going down and > > go to master. great, now we ... Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, ...

openbsd-misc - Henning Brauer - Apr 11 2008 - 12:42

... be able to set an extra watchdev (or whatever) that it would > watch. for what ... do switchovers during business hours sometimes, and nobody ever noticed anything), let's ... Henning Brauer, hb@bsws.de, henning@openbsd.org BS Web Services, http://bsws. ...

openbsd-misc - Henning Brauer - Apr 11 2008 - 07:12

... the common setup is two routers with > a direct Ethernet cable for pfsync and the common failure scenario is > power failure (or at least something that brings down the pfsync > device interface), when one ...

openbsd-misc - Stuart Henderson - Apr 10 2008 - 17:33