Re: Cisco GET VPN in transport mode

From: Mark Jackson <markcciejackson_at_gmail.com>
Date: Tue, 3 Nov 2009 14:16:18 -0800

Well, you sure are an abrasive little elf... Also, if you're not part of a
general solution, you're part of the problem, and the problem I see with you is
you just are not nice! Get a life, get some sunshine and maybe your overall
demeanor will change.
On that note... allow me to school you asshole! (cue the school bell)

I said the following:

1. IPSec has compatibility req
2. The TOS field in the header
3. Lack of vectors such as the use of AH and ESP protocols

That was in response to the question of:

1. I do not understand why transport mode suffers fragmentation and
reassembly.

So, hopefully you are following along. I know being a Network Architect at
Presidio has dulled your 'technical' edge.

On Tue, Nov 3, 2009 at 1:53 PM, Tony Varriale <tvarriale_at_flamboyaninc.com> wrote:

> Your reasons make no sense.
>
> And, please feel free to point out the portion of RFC2402 that Cisco is not
> following in their implementation.
>
> tv
>
>
> -----Original Message-----
> From: mark jackson [mailto:markcciejackson_at_gmail.com]
> Sent: Tuesday, November 03, 2009 3:47 PM
> To: Tony Varriale
> Cc: ccielab_at_groupstudy.com
> Subject: Re: Cisco GET VPN in transport mode
>
> Not sure I understand...
>
> Mark Jackson, CCIE#4736
>
> Sent from my iPhone
> Please excuse spelling errors
>
> On Nov 3, 2009, at 1:45 PM, "Tony Varriale"
> <tvarriale_at_flamboyaninc.com> wrote:
>
> > Dare I ask what?
> >
> > tv
> >
> >
> > -----Original Message-----
> > From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of mark jackson
> > Sent: Tuesday, November 03, 2009 3:02 PM
> > To: Hans None
> > Cc: ccielab_at_groupstudy.com
> > Subject: Re: Cisco GET VPN in transport mode
> >
> > A few reasons for this are:
> >
> > 1. IPSec has compatibility req
> > 2. The TOS field in the header
> > 3. Lack of vectors such as the use of AH and ESP protocols
> >
> > All in all, Cisco did not follow the specs defined in RFC 2402. Kind of sad
> >
> > Mark Jackson, CCIE#4736
> >
> > Sent from my iPhone
> > Please excuse spelling errors
> >
> > On Nov 3, 2009, at 12:53 PM, Hans None <acsyao_at_hotmail.com> wrote:
> >
> > I have read the following on GET VPN in transport mode:
> >
> >
> > IPsec transport mode suffers from fragmentation and reassembly limitations
> > and must not be used in deployments where encrypted or clear packets might
> > require fragmentation.
> >
> >
> > I do not understand why transport mode suffers fragmentation and
> > reassembly.
> >
> >
> >> From: markcciejackson_at_gmail.com
> >> Date: Tue, 3 Nov 2009 12:44:46 -0800
> >> Subject: Re: Cisco GET VPN in transport mode
> >> To: acsyao_at_hotmail.com
> >> CC: ccielab_at_groupstudy.com
> >>
> >> It is mainly because Cisco cannot initiate/terminate transport mode
> >> IPSec tunnel. Getvpn works mainly in changing the header, it's
> >> actually not changing but the same idea. More a copy and paste.
> >>
> >> Mark Jackson, CCIE#4736
> >>
> >> Sent from my iPhone
> >> Please excuse spelling errors
> >>
> >> On Nov 3, 2009, at 12:39 PM, Hans None <acsyao_at_hotmail.com> wrote:
> >>
> >>> All,
> >>>
> >>>
> >>>
> >>> Does anyone know why Cisco GET VPN does not work in IPSEC transport
> >>> mode?
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> Thanks,
> >>>
> >>> Blogs and organic groups at http://www.ccie.net
> >>>
> >>> _______________________________________________________________________
> >>> Subscription information may be found at:
> >>> http://www.groupstudy.com/list/CCIELab.html

-- 
Mark Jackson, CCIE #4736
Senior Network, Security and Voice Architect
858.705.1861
Blogs and organic groups at http://www.ccie.net
Received on Tue Nov 03 2009 - 14:16:18 ART

This archive was generated by hypermail 2.2.0 : Tue Dec 01 2009 - 06:36:28 ART