From: Peter van Oene (pvo@usermail.com)
Date: Thu Jun 12 2003 - 11:31:06 GMT-3
At 08:33 AM 6/12/2003 +0100, McCallum, Robert wrote:
>why use IPSEC dont you trust MPLS vrfs?
VRFs do not protect you from the provider, or any intermediary providers in
a carrier of carrier networks. I imagine some folks might be uncomfortable
with this.
Pete
> > -----Original Message-----
> > From: Howard C. Berkowitz [mailto:hcb@gettcomm.com]
> > Sent: 11 June 2003 23:06
> > To: 'ccielab@groupstudy.com'
> > Subject: Re: (IPSec alternatives)
> >
> >
> > At 8:57 PM +0100 6/11/03, R&S Groupstudy wrote:
> > >Hi,
> > >
> > >Please can I hear peoples views on the following:
> > >
> > >I want to connect three sites together via the internet. (I
> > just made this
> > >up)
> >
> > Before going farther, you need to a bit more defining of the problem
> > you want to solve, as well as the technology. I think of VPDN as
> > virtual private dial network, so where is the dialing if you are
> > running over the Internet? To the ISP?
> >
> > Are there other kinds of data not requiring security that need to go
> > over the same tunnels, which would be a reason for GRE?
> >
> > Where is the IPSec encryption taking place? Hosts? Your
> > gateways? ISP gateways?
> >
> > >
> > >I have FW IOS feature set routers .
> > >
> > >what are the pros and cons of implementing
> > >
> > >1. native IPSEC
> > >2. IPSEC over GRE tunnels
> > >3. IPsec using VPDN peering beyween routers.
> > >
> > >cheers
> > >
> > >Adam
This archive was generated by hypermail 2.1.4 : Fri Jul 04 2003 - 11:10:57 GMT-3