Re: Cisco GET VPN in transport mode

From: Ramanpreet Singh <sikandar.raman_at_gmail.com>
Date: Tue, 3 Nov 2009 16:34:00 -0600

lol!

On Tue, Nov 3, 2009 at 4:17 PM, Mark Jackson <markcciejackson_at_gmail.com> wrote:
> Didn't finish that. Sent without fully being finished. Allow me to finish,
> then ring the school bell.
>
> On Tue, Nov 3, 2009 at 2:16 PM, Mark Jackson <markcciejackson_at_gmail.com> wrote:
>
>> Well, you sure are an abrasive little elf...also, if you're not part of a
>> general solution, you're part of the problem and the problem I see with you is
>> you just are not nice! Get a life, get some sunshine and maybe your overall
>> demeanor will change.
>> On that note...allow me to school you asshole! (cue the school bell)
>>
>> I said the following:
>>
>> 1. IPSec has compatibility req
>> 2. The TOS field in the header
>> 3. Lack of vectors such as the use of AH and ESP protocols
>>
>> That was in response to the question of:
>>
>> 1. I do not understand why transport mode suffers fragmentation and
>> reassembly.
>>
>> So, hopefully you are following along. I know being a Network Architect at Presidio
>> has dulled your 'technical' edge.
>>
>> On Tue, Nov 3, 2009 at 1:53 PM, Tony Varriale <tvarriale_at_flamboyaninc.com> wrote:
>>
>>> Your reasons make no sense.
>>>
>>> And, please feel free to point out the portion of RFC2402 that Cisco is not
>>> following in their implementation.
>>>
>>> tv
>>>
>>>
>>> -----Original Message-----
>>> From: mark jackson [mailto:markcciejackson_at_gmail.com]
>>> Sent: Tuesday, November 03, 2009 3:47 PM
>>> To: Tony Varriale
>>> Cc: ccielab_at_groupstudy.com
>>> Subject: Re: Cisco GET VPN in transport mode
>>>
>>> Not sure I understand...
>>>
>>> Mark Jackson, CCIE#4736
>>>
>>> Sent from my iPhone
>>> Please excuse spelling errors
>>>
>>> On Nov 3, 2009, at 1:45 PM, "Tony Varriale"
>>> <tvarriale_at_flamboyaninc.com> wrote:
>>>
>>> > Dare I ask what?
>>> >
>>> > tv
>>> >
>>> >
>>> > -----Original Message-----
>>> > From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of mark jackson
>>> > Sent: Tuesday, November 03, 2009 3:02 PM
>>> > To: Hans None
>>> > Cc: ccielab_at_groupstudy.com
>>> > Subject: Re: Cisco GET VPN in transport mode
>>> >
>>> > A few reasons for this are:
>>> >
>>> > 1. IPSec has compatibility req
>>> > 2. The TOS field in the header
>>> > 3. Lack of vectors such as the use of AH and ESP protocols
>>> >
>>> > All in all, Cisco did not follow the specs defined in RFC 2402. Kind of sad
>>> >
>>> > Mark Jackson, CCIE#4736
>>> >
>>> > Sent from my iPhone
>>> > Please excuse spelling errors
>>> >
>>> > On Nov 3, 2009, at 12:53 PM, Hans None <acsyao_at_hotmail.com> wrote:
>>> >
>>> > I have read the following on GET VPN in transport mode:
>>> >
>>> >
>>> > IPsec transport mode suffers from fragmentation and reassembly limitations
>>> > and must not be used in deployments where encrypted or clear packets might
>>> > require fragmentation.
>>> >
>>> > I do not understand why transport mode suffers fragmentation and reassembly.
>>> >
>>> >
>>> >> From: markcciejackson_at_gmail.com
>>> >> Date: Tue, 3 Nov 2009 12:44:46 -0800
>>> >> Subject: Re: Cisco GET VPN in transport mode
>>> >> To: acsyao_at_hotmail.com
>>> >> CC: ccielab_at_groupstudy.com
>>> >>
>>> >> It is mainly because Cisco cannot initiate/terminate transport mode
>>> >> IPSec tunnel. Getvpn works mainly in changing the header, it's
>>> >> actually not changing but the same idea. More a copy and paste.
>>> >>
>>> >> Mark Jackson, CCIE#4736
>>> >>
>>> >> Sent from my iPhone
>>> >> Please excuse spelling errors
>>> >>
>>> >> On Nov 3, 2009, at 12:39 PM, Hans None <acsyao_at_hotmail.com> wrote:
>>> >>
>>> >>> All,
>>> >>>
>>> >>> Does anyone know why Cisco GET VPN does not work in IPSEC transport mode?
>>> >>>
>>> >>> Thanks,
>>> >>>
>>> >>>
>>> >>> Blogs and organic groups at http://www.ccie.net
>>> >>>
>>> >>> _______________________________________________________________________
>>> >>> Subscription information may be found at:
>>> >>> http://www.groupstudy.com/list/CCIELab.html
>>> >
>>>
>>>
>>
>>
>> --
>> Mark Jackson, CCIE #4736
>> Senior Network, Security and Voice Architect
>>
>> 858.705.1861
>>
>
>
>
> --
> Mark Jackson, CCIE #4736
> Senior Network, Security and Voice Architect
>
> 858.705.1861

Received on Tue Nov 03 2009 - 16:34:00 ART

This archive was generated by hypermail 2.2.0 : Tue Dec 01 2009 - 06:36:28 ART