Re: Cisco GET VPN in transport mode from mark jackson on 2009-11-03 (Ccielab archives 11/2009)

From: mark jackson <markcciejackson_at_gmail.com>
Date: Tue, 3 Nov 2009 13:01:54 -0800

A few reason for this are:

1. IPSec has compatibility req
2. The TOS field in the header
3. Lack of vectors such as the use of AH and ESP protocols

All in all, cisco did not follow the specs define in rfc 2402. Kind of sad

Mark Jackson, CCIE#4736

Sent from my iPhone
Please excuse spelling errors

On Nov 3, 2009, at 12:53 PM, Hans None < <acsyao_at_hotmail.com>
acsyao_at_hotmail.com> wrote:

I have read the following on GET VPN in transport mode:

IPsec transport mode suffers from fragmentation and reassembly limitations
and must not be used in
deployments where encrypted or clear packets might require fragmentation.

I do not understand why transport mode suffer fragmentation and reassembly.

> From: <markcciejackson_at_gmail.com> <markcciejackson_at_gmail.com>
markcciejackson_at_gmail.com
> Date: Tue, 3 Nov 2009 12:44:46 -0800
> Subject: Re: Cisco GET VPN in transport mode
> To: <acsyao_at_hotmail.com> <acsyao_at_hotmail.com>acsyao_at_hotmail.com
> CC: <ccielab_at_groupstudy.com> <ccielab_at_groupstudy.com>
ccielab_at_groupstudy.com
>
> It is mainly because Cisco cannot initate/terminate transport mode
> IPSec tunnel. Getvpn works mainly in changing the header, it's
> actually not changing but the same idea. Mire a copy and paste.
>
> Mark Jackson, CCIE#4736
>
> Sent from my iPhone
> Please excuse spelling errors
>
> On Nov 3, 2009, at 12:39 PM, Hans None < <acsyao_at_hotmail.com>
acsyao_at_hotmail.com> wrote:
>
> > All,
> >
> >
> >
> > Does anyone know why Cisco GET VPN does not work in IPSEC transport
> > mode?
> >
> >
> >
> >
> >
> > Thanks,
> >
> > _________________________________________________________________
> > Bing brings you maps, menus, and reviews organized in one place.
> >
<http://www.bing.com/search?q=restaurants&form=MFESRP&publ=WLHMTAG&crea=TEXT_M><http://www.bing.com/search?q=restaurants&form=MFESRP&publ=WLHMTAG&crea=TEXT_M>
http://www.bing.com/search?q=restaurants&form=MFESRP&publ=WLHMTAG&crea=TEXT_M
> > FESRP_Local_MapsMenu_Resturants_1x1
> >
> >
> > Blogs and organic groups at <http://www.ccie.net> <http://www.ccie.net>
http://www.ccie.net
> >
> > _______________________________________________________________________
>
>
> > Subscription information may be found at:
> > <http://www.groupstudy.com/list/CCIELab.html><http://www.groupstudy.com/list/CCIELab.html>
http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> >
> >
> >

------------------------------
Bing brings you maps, menus, and reviews organized in one place. Try
it now.<http://www.bing.com/search?q=restaurants&form=MFESRP&publ=WLHMTAG&crea=TEXT_MFESRP_Local_MapsMenu_Resturants_1x1>

Blogs and organic groups at http://www.ccie.net
Received on Tue Nov 03 2009 - 13:01:54 ART

This archive was generated by hypermail 2.2.0 : Tue Dec 01 2009 - 06:36:28 ART