Re: Cisco GET VPN in transport mode

Didn't finish that. Sent without fully being finished. Allow me to finish,
then ring the school bell.

On Tue, Nov 3, 2009 at 2:16 PM, Mark Jackson <markcciejackson_at_gmail.com>wrote:

> Well, you sure are an abrasive little elf...also, if your not part of a
> general solution, your part of the problem and the problem I see with you is
> you just are not nice! Get a life, get some sunshine and maybe your overall
> demeanor with change.
> on that note...allow me to school you asshole! (queue the school bell)
>
> I said the following:
>
> 1. IPSec has compatibility req
> 2. The TOS field in the header
> 3. Lack of vectors such as the use of AH and ESP protocols
>
> That was in response to the question of:
>
> 1. I do not understand why transport mode suffer fragmentation and
> reassembly.
>
> So, hopefully you are following along. I know being a Network Architect at Presidio
> has dulled your 'technical' edge.
>
>
>
>
>
>
> On Tue, Nov 3, 2009 at 1:53 PM, Tony Varriale <tvarriale_at_flamboyaninc.com>wrote:
>
>> Your reasons make no sense.
>>
>> And, please feel free to point out portion of RFC2402 that Cisco is not
>> following in their implementation.
>>
>> tv
>>
>>
>> -----Original Message-----
>> From: mark jackson [mailto:markcciejackson_at_gmail.com]
>> Sent: Tuesday, November 03, 2009 3:47 PM
>> To: Tony Varriale
>> Cc: ccielab_at_groupstudy.com
>> Subject: Re: Cisco GET VPN in transport mode
>>
>> Not sure I understand...
>>
>> Mark Jackson, CCIE#4736
>>
>> Sent from my iPhone
>> Please excuse spelling errors
>>
>> On Nov 3, 2009, at 1:45 PM, "Tony Varriale"
>> <tvarriale_at_flamboyaninc.com> wrote:
>>
>> > Dare I ask what?
>> >
>> > tv
>> >
>> >
>> > -----Original Message-----
>> > From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf
>> > Of mark
>> > jackson
>> > Sent: Tuesday, November 03, 2009 3:02 PM
>> > To: Hans None
>> > Cc: ccielab_at_groupstudy.com
>> > Subject: Re: Cisco GET VPN in transport mode
>> >
>> > A few reason for this are:
>> >
>> > 1. IPSec has compatibility req
>> > 2. The TOS field in the header
>> > 3. Lack of vectors such as the use of AH and ESP protocols
>> >
>> > All in all, cisco did not follow the specs define in rfc 2402. Kind
>> > of sad
>> >
>> > Mark Jackson, CCIE#4736
>> >
>> > Sent from my iPhone
>> > Please excuse spelling errors
>> >
>> > On Nov 3, 2009, at 12:53 PM, Hans None < <acsyao_at_hotmail.com>
>> > acsyao_at_hotmail.com> wrote:
>> >
>> > I have read the following on GET VPN in transport mode:
>> >
>> >
>> > IPsec transport mode suffers from fragmentation and reassembly
>> > limitations
>> > and must not be used in
>> > deployments where encrypted or clear packets might require
>> > fragmentation.
>> >
>> >
>> > I do not understand why transport mode suffer fragmentation and
>> > reassembly.
>> >
>> >
>> >> From: <markcciejackson_at_gmail.com> <markcciejackson_at_gmail.com>
>> > markcciejackson_at_gmail.com
>> >> Date: Tue, 3 Nov 2009 12:44:46 -0800
>> >> Subject: Re: Cisco GET VPN in transport mode
>> >> To: <acsyao_at_hotmail.com> <acsyao_at_hotmail.com>acsyao_at_hotmail.com
>> >> CC: <ccielab_at_groupstudy.com> <ccielab_at_groupstudy.com>
>> > ccielab_at_groupstudy.com
>> >>
>> >> It is mainly because Cisco cannot initate/terminate transport mode
>> >> IPSec tunnel. Getvpn works mainly in changing the header, it's
>> >> actually not changing but the same idea. Mire a copy and paste.
>> >>
>> >> Mark Jackson, CCIE#4736
>> >>
>> >> Sent from my iPhone
>> >> Please excuse spelling errors
>> >>
>> >> On Nov 3, 2009, at 12:39 PM, Hans None < <acsyao_at_hotmail.com>
>> > acsyao_at_hotmail.com> wrote:
>> >>
>> >>> All,
>> >>>
>> >>>
>> >>>
>> >>> Does anyone know why Cisco GET VPN does not work in IPSEC transport
>> >>> mode?
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>> Thanks,
>> >>>
>> >>> _________________________________________________________________
>> >>> Bing brings you maps, menus, and reviews organized in one place.
>> >>>
>> >
>> <
>> http://www.bing.com/search?q=restaurants&form=MFESRP&publ=WLHMTAG&crea=TEXT
>> >
>> _M><
>> http://www.bing.com/search?q=restaurants&form=MFESRP&publ=WLHMTAG&crea=T
>> > EXT_M>
>> >
>>
>> http://www.bing.com/search?q=restaurants&form=MFESRP&publ=WLHMTAG&crea=TEXT_
>> > M
>> >>> FESRP_Local_MapsMenu_Resturants_1x1
>> >>>
>> >>>
>> >>> Blogs and organic groups at <http://www.ccie.net> <
>> http://www.ccie.net
>> >>> >
>> > http://www.ccie.net
>> >>>
>> >>>
>> _______________________________________________________________________
>>
>>
>> >>
>> >>
>> >>> Subscription information may be found at:
>> >>>
>> >
>> <http://www.groupstudy.com/list/CCIELab.html><
>> http://www.groupstudy.com/list
>> > /CCIELab.html>
>> > http://www.groupstudy.com/list/CCIELab.html
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >
>> > ------------------------------
>> > Bing brings you maps, menus, and reviews organized in one place. Try
>> > it
>> >
>> now.<
>> http://www.bing.com/search?q=restaurants&form=MFESRP&publ=WLHMTAG&crea=
>> > TEXT_MFESRP_Local_MapsMenu_Resturants_1x1>
>> >
>> >
>> > Blogs and organic groups at http://www.ccie.net
>> >
>> > _______________________________________________________________________
>>
>>
>> > Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html
>> >
>> >
>> > Blogs and organic groups at http://www.ccie.net
>> >
>> > _______________________________________________________________________
>>
>>
>> > Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>>
>>
>
>
> --
> Mark Jackson, CCIE #4736
> Senior Network, Security and Voice Architect
>
> 858.705.1861
>

-- 
Mark Jackson, CCIE #4736
Senior Network, Security and Voice Architect
858.705.1861
Blogs and organic groups at http://www.ccie.net