IPsec & VPN Discussion

From: John Garrett (John.Garrett.B@xxxxxxxxx)
Date: Wed Feb 09 2000 - 12:14:14 GMT-3

• Next message: Earl Aboytes: "RE: traceroute filter"
• Previous message: Greg Schwimer: "CD used in lab"
• Next in thread: Robert Thompson: "RE: IPsec & VPN Discussion"
• Maybe reply: Robert Thompson: "RE: IPsec & VPN Discussion"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Sorry pbosio. I can configure routers but email is a bitch! ;-)
---------------------- Forwarded by John Garrett/IS/US/BAYER on 02/09/2000
10:12 AM ---------------------------

John Garrett
02/09/2000 10:10 AM
To: "DDA.RFC-822=pbosio@comtech.com.au/P=BAYER/A=TELEMAIL/C=US"@X400
cc:

Subject: IPsec & VPN Discussion

I am starting to play with VPNs, and I have some questions for the group.
Hopefully these help you and me:

If all we have to configure are routers, then a VPN is nothing more than an
encrypted transport(pipe) between two addresses. Is this correct?

I found that I had to upgrade my router to an IPsec compliant version to do
anything with the crypto command. Does crypto=IPSec=VPN?

All the documentation refers to "applying the crypto maps to interfaces" Is it
significant which interfaces (or types of interfaces) that the crypto maps are
applied to? For example, if R1 and R2 each have an eth and a ser, and are
connected back-to-back ser, would I put my crypto map on the eths or the sers?

 Assume there are other routers in the ser "cloud" above. Does the encryption
cause them any greif? Other than ports 50.51, and udp500, are there other
ports that will block connections?

Finally, the most important, is there another way to provide a point to point
secure connection without IPsec? Can you apply something to a tunnel interface
to call it a VPN?

Can I define a routing neighbor and pass routing info over the VPN? If so,
does this then couse the same routign type problems that tunnels cause?

Recursive route syndrome? Will my VPN see its best orute to endpoint through
VPN?

There is more, but this clears enough buffer space for now.

John

groupstudy nobody <nobody@groupstudy.com> on 02/08/2000 06:31:07 PM
Please respond to "DDA.RFC-822=pbosio@comtech.com.au/P=BAYER/A=TELEMAIL/C=US" @
X400
To: "DDA.RFC-822=ccielab@groupstudy.com/P=Internet/A= /C=us"@X400
cc:

Subject: IPSec

Here are a couple of links I found quite usefull, may have already been posted
to the group..

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/secur_c/
s
cprt4/index.htm

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/secur_r/
s
rprt4/index.htm

http://www.cisco.com/warp/public/105/IPSECpart1.html

======================================================================
This email message has been swept by MIMEsweeper.

• Next message: Earl Aboytes: "RE: traceroute filter"
• Previous message: Greg Schwimer: "CD used in lab"
• Next in thread: Robert Thompson: "RE: IPsec & VPN Discussion"
• Maybe reply: Robert Thompson: "RE: IPsec & VPN Discussion"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:22:53 GMT-3