Re: Cisco GET VPN in transport mode

From: mark jackson <markcciejackson_at_gmail.com>
Date: Tue, 3 Nov 2009 13:47:14 -0800

Not sure I understand...

Mark Jackson, CCIE#4736

Sent from my iPhone
Please excuse spelling errors

On Nov 3, 2009, at 1:45 PM, "Tony Varriale"
<tvarriale_at_flamboyaninc.com> wrote:

> Dare I ask what?
>
> tv
>
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf
> Of mark jackson
> Sent: Tuesday, November 03, 2009 3:02 PM
> To: Hans None
> Cc: ccielab_at_groupstudy.com
> Subject: Re: Cisco GET VPN in transport mode
>
> A few reasons for this are:
>
> 1. IPSec has compatibility req
> 2. The TOS field in the header
> 3. Lack of vectors such as the use of AH and ESP protocols
>
> All in all, Cisco did not follow the specs defined in RFC 2402. Kind
> of sad.
>
> Mark Jackson, CCIE#4736
>
> Sent from my iPhone
> Please excuse spelling errors
>
> On Nov 3, 2009, at 12:53 PM, Hans None <acsyao_at_hotmail.com> wrote:
>
> I have read the following on GET VPN in transport mode:
>
>
> IPsec transport mode suffers from fragmentation and reassembly limitations
> and must not be used in deployments where encrypted or clear packets might
> require fragmentation.
>
> I do not understand why transport mode suffers from fragmentation and
> reassembly.
>
>
>> From: markcciejackson_at_gmail.com
>> Date: Tue, 3 Nov 2009 12:44:46 -0800
>> Subject: Re: Cisco GET VPN in transport mode
>> To: acsyao_at_hotmail.com
>> CC: ccielab_at_groupstudy.com
>>
>> It is mainly because Cisco cannot initiate/terminate transport mode
>> IPSec tunnel. Getvpn works mainly in changing the header, it's
>> actually not changing but the same idea. More a copy and paste.
>>
>> Mark Jackson, CCIE#4736
>>
>> Sent from my iPhone
>> Please excuse spelling errors
>>
>> On Nov 3, 2009, at 12:39 PM, Hans None <acsyao_at_hotmail.com> wrote:
>>
>>> All,
>>>
>>> Does anyone know why Cisco GET VPN does not work in IPSEC transport
>>> mode?
>>>
>>> Thanks,
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html

Received on Tue Nov 03 2009 - 13:47:14 ART

This archive was generated by hypermail 2.2.0 : Tue Dec 01 2009 - 06:36:28 ART