RE: Cisco GET VPN in transport mode

From: Hans None <acsyao_at_hotmail.com>
Date: Tue, 3 Nov 2009 22:15:26 +0000

All,

Thanks for your replies.

Back to my original question: why did Cisco say there will be fragmentation
reassembly issues with IPsec transport mode while implementing GET VPN?

To my knowledge, transport mode normally has less overhead than tunnel
mode...

What exactly is the fragmentation reassembly issue with transport mode?

Thanks,

Hans

> From: tvarriale_at_flamboyaninc.com
> To: markcciejackson_at_gmail.com
> CC: ccielab_at_groupstudy.com
> Subject: RE: Cisco GET VPN in transport mode
> Date: Tue, 3 Nov 2009 15:53:59 -0600
>
> Your reasons make no sense.
>
> And, please feel free to point out the portion of RFC 2402 that Cisco is
> not following in their implementation.
>
> tv
>
>
> -----Original Message-----
> From: mark jackson [mailto:markcciejackson_at_gmail.com]
> Sent: Tuesday, November 03, 2009 3:47 PM
> To: Tony Varriale
> Cc: ccielab_at_groupstudy.com
> Subject: Re: Cisco GET VPN in transport mode
>
> Not sure I understand...
>
> Mark Jackson, CCIE#4736
>
> Sent from my iPhone
> Please excuse spelling errors
>
> On Nov 3, 2009, at 1:45 PM, "Tony Varriale"
> <tvarriale_at_flamboyaninc.com> wrote:
>
> > Dare I ask what?
> >
> > tv
> >
> >
> > -----Original Message-----
> > From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf
> > Of mark jackson
> > Sent: Tuesday, November 03, 2009 3:02 PM
> > To: Hans None
> > Cc: ccielab_at_groupstudy.com
> > Subject: Re: Cisco GET VPN in transport mode
> >
> > A few reasons for this are:
> >
> > 1. IPSec has compatibility req
> > 2. The TOS field in the header
> > 3. Lack of vectors such as the use of AH and ESP protocols
> >
> > All in all, Cisco did not follow the specs defined in RFC 2402. Kind
> > of sad
> >
> > Mark Jackson, CCIE#4736
> >
> > Sent from my iPhone
> > Please excuse spelling errors
> >
> > On Nov 3, 2009, at 12:53 PM, Hans None <acsyao_at_hotmail.com> wrote:
> >
> > I have read the following on GET VPN in transport mode:
> >
> >
> > IPsec transport mode suffers from fragmentation and reassembly
> > limitations and must not be used in deployments where encrypted or
> > clear packets might require fragmentation.
> >
> >
> > I do not understand why transport mode suffers fragmentation and
> > reassembly.
> >
> >
> >> From: markcciejackson_at_gmail.com
> >> Date: Tue, 3 Nov 2009 12:44:46 -0800
> >> Subject: Re: Cisco GET VPN in transport mode
> >> To: acsyao_at_hotmail.com
> >> CC: ccielab_at_groupstudy.com
> >>
> >> It is mainly because Cisco cannot initiate/terminate transport mode
> >> IPSec tunnel. Getvpn works mainly in changing the header, it's
> >> actually not changing but the same idea. More a copy and paste.
> >>
> >> Mark Jackson, CCIE#4736
> >>
> >> Sent from my iPhone
> >> Please excuse spelling errors
> >>
> >> On Nov 3, 2009, at 12:39 PM, Hans None <acsyao_at_hotmail.com> wrote:
> >>
> >>> All,
> >>>
> >>> Does anyone know why Cisco GET VPN does not work in IPSEC transport
> >>> mode?
> >>>
> >>> Thanks,
> >>>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Received on Tue Nov 03 2009 - 22:15:26 ART
