From: stevek@ccie.com.au
Date: Wed Mar 18 2009 - 00:17:05 ART
O.K., thanks for the reply. I've never tried this before but will give it
a go. So with this option the encryption is handled at the workstation
end... however, the server is located at an internationally remote
location and the traffic needs to travel across the WAN via IPSEC tunnels.
The customer does NOT want to waste international bandwidth, so there will
be 2 separate tunnels end to end, one for voice and one for data, which is
the IPSEC encrypted tunnel. How will I be able to differentiate this
traffic at each end and direct traffic across their respective tunnels...
encrypted vs non-encrypted (or does the IPSEC tunnel itself allow this to
be done internally)? Thanks again for your reply. I have never done
anything like this before and I don't think it's technically possible, to
be honest... but I may be wrong.
Steve
------- Original Message -------
On 3/18/2009 03:07 AM Jared Scrivener wrote:
The simplest way is to use the built-in Windows IPSec policies (they're
easy to configure). Just pick one with AES256 and IPSec transport mode,
then enable it for the traffic that needs encrypting.
Cheers,
Jared Scrivener CCIE3 #16983 (R&S, Security, SP), CISSP
Technical Instructor - IPexpert, Inc.
Telephone: +1.810.326.1444
Fax: +1.810.454.0130
Mailto: jscrivener@ipexpert.com
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
stevek@ccie.com.au
Sent: Tuesday, 17 March 2009 9:24 PM
To: ccielab@groupstudy.com
Subject: single vlan traffic seperation
O.K. experts, here is a topic I've been trying to implement... Is there
any way you can encrypt user data traffic but not voice traffic within a
single vlan over WAN? I have clients in a remote site that use Cisco
soft-phones on their desktops; the desktops connect via a single Ethernet
port to a L2/L3 switch in a single vlan configuration. The problem is the
client is asking to run end to end IPSec AES256 encryption between the
VDI desktop and the server, selectively applying the encryption to only
the tcp port responsible for the data traffic but not the voice traffic.
Is this possible? How can I selectively encrypt the data traffic but
not the voice traffic over the WAN? THANKS in advance!
Steve
This archive was generated by hypermail 2.1.4 : Mon Apr 06 2009 - 06:44:05 ART