RE: (IPSec alternatives)

From: McCallum, Robert (Robert.McCallum@let-it-be-thus.com)
Date: Thu Jun 12 2003 - 16:23:53 GMT-3

• Next message: Jonathan V Hays: "RE: Logs after rebooting"
• Previous message: Howard C. Berkowitz: "RE: R&S MPLS"
• Maybe in reply to: McCallum, Robert: "RE: (IPSec alternatives)"
• Next in thread: McCallum, Robert: "RE: (IPSec alternatives)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

yes but vrfs over an internet provider i.e. I am the provider and I run mpls within my network and I ensure that my routers are not accessible over the internet i.e. not routed outwith my domain addresses then its pretty much secure for users to run across. But however I know that we have the
finance and bakning sector and other really super paranoid people who will still use IPsec, even within a vrf and possibly within a gre tunnel which is encapsulted in IPX, then natted, the 3des encrypted and metophorsed into an X man.

> -----Original Message-----
> From: Peter van Oene [mailto:pvo@usermail.com]
> Sent: 12 June 2003 15:31
> To: 'ccielab@groupstudy.com'
> Subject: RE: (IPSec alternatives)
>
>
> At 08:33 AM 6/12/2003 +0100, McCallum, Robert wrote:
> >why use IPSEC dont you trust MPLS vrfs?
>
> VRFs do not protect you from the provider, or any
> intermediary providers in
> a carrier of carrier networks. I imagine some folks might be
> uncomfortable
> with this.
>
> Pete
>
>
> > > -----Original Message-----
> > > From: Howard C. Berkowitz [mailto:hcb@gettcomm.com]
> > > Sent: 11 June 2003 23:06
> > > To: 'ccielab@groupstudy.com'
> > > Subject: Re: (IPSec alternatives)
> > >
> > >
> > > At 8:57 PM +0100 6/11/03, R&S Groupstudy wrote:
> > > >Hi,
> > > >
> > > >Please can I hear peoples views on the following:
> > > >
> > > >I want to connect three sites together via the internet. (I
> > > just made this
> > > >up)
> > >
> > > Before going farther, you need to a bit more defining of
> the problem
> > > you want to solve, as well as the technology. I think of VPDN as
> > > virtual private dial network, so where is the dialing if you are
> > > running over the Internet? To the ISP?
> > >
> > > Are there other kinds of data not requiring security that
> need to go
> > > over the same tunnels, which would be a reason for GRE?
> > >
> > > Where is the IPSec encryption taking place? Hosts? Your
> > > gateways? ISP gateways?
> > >
> > > >
> > > >I have FW IOS feature set routers .
> > > >
> > > >what are the pros and cons of implementing
> > > >
> > > >1. native IPSEC
> > > >2. IPSEC over GRE tunnels
> > > >3. IPsec using VPDN peering beyween routers.
> > > >
> > > >cheers
> > > >
> > > >Adam

• Next message: Jonathan V Hays: "RE: Logs after rebooting"
• Previous message: Howard C. Berkowitz: "RE: R&S MPLS"
• Maybe in reply to: McCallum, Robert: "RE: (IPSec alternatives)"
• Next in thread: McCallum, Robert: "RE: (IPSec alternatives)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Jul 04 2003 - 11:10:57 GMT-3