Re: FW: Cisco GET VPN in transport mode

From: Mark Jackson <markcciejackson_at_gmail.com>
Date: Tue, 3 Nov 2009 14:45:28 -0800

Oh but wait. I am still typing my response.

Paul,

Maybe a rule to be more nice...

And Tony,
This isn't the first time you have been a jerk. So put a sock in it. You're
not blameless.

On Tue, Nov 3, 2009 at 2:41 PM, Tony Varriale <tvarriale_at_flamboyaninc.com> wrote:

> Yeah, you continually say nothing.
>
> Let me help. http://www.groupstudy.com/list/guide.html
>
> Paul, can we get some assistance here?
>
> tv
>
> From: Mark Jackson [mailto:markcciejackson_at_gmail.com]
> Sent: Tuesday, November 03, 2009 4:16 PM
> To: tvarriale_at_flamboyaninc.com
> Cc: ccielab_at_groupstudy.com
> Subject: Re: Cisco GET VPN in transport mode
>
>
>
> Well, you sure are an abrasive little elf...also, if you're not part of a
> general solution, you're part of the problem and the problem I see with you
> is you just are not nice! Get a life, get some sunshine and maybe your overall
> demeanor will change.
>
> On that note...allow me to school you asshole! (cue the school bell)
>
> I said the following:
>
> 1. IPSec has compatibility req
> 2. The TOS field in the header
> 3. Lack of vectors such as the use of AH and ESP protocols
>
> That was in response to the question of:
>
> 1. I do not understand why transport mode suffers fragmentation and
> reassembly.
>
> So, hopefully you are following along. I know being a Network Architect at
> Presidio has dulled your 'technical' edge.
>
> On Tue, Nov 3, 2009 at 1:53 PM, Tony Varriale <tvarriale_at_flamboyaninc.com>
> wrote:
>
> Your reasons make no sense.
>
> And, please feel free to point out the portion of RFC2402 that Cisco is not
> following in their implementation.
>
> tv
>
>
>
> -----Original Message-----
> From: mark jackson [mailto:markcciejackson_at_gmail.com]
> Sent: Tuesday, November 03, 2009 3:47 PM
> To: Tony Varriale
> Cc: ccielab_at_groupstudy.com
> Subject: Re: Cisco GET VPN in transport mode
>
> Not sure I understand...
>
> Mark Jackson, CCIE#4736
>
> Sent from my iPhone
> Please excuse spelling errors
>
> On Nov 3, 2009, at 1:45 PM, "Tony Varriale"
> <tvarriale_at_flamboyaninc.com> wrote:
>
> > Dare I ask what?
> >
> > tv
> >
> >
> > -----Original Message-----
> > From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of mark jackson
> > Sent: Tuesday, November 03, 2009 3:02 PM
> > To: Hans None
> > Cc: ccielab_at_groupstudy.com
> > Subject: Re: Cisco GET VPN in transport mode
> >
> > A few reasons for this are:
> >
> > 1. IPSec has compatibility req
> > 2. The TOS field in the header
> > 3. Lack of vectors such as the use of AH and ESP protocols
> >
> > All in all, Cisco did not follow the specs defined in RFC 2402. Kind
> > of sad
> >
> > Mark Jackson, CCIE#4736
> >
> > Sent from my iPhone
> > Please excuse spelling errors
> >
> > On Nov 3, 2009, at 12:53 PM, Hans None <acsyao_at_hotmail.com> wrote:
> >
> > I have read the following on GET VPN in transport mode:
> >
> >
> > IPsec transport mode suffers from fragmentation and reassembly
> > limitations and must not be used in deployments where encrypted or
> > clear packets might require fragmentation.
> >
> >
> > I do not understand why transport mode suffers fragmentation and
> > reassembly.
> >
> >
> >> From: markcciejackson_at_gmail.com
> >> Date: Tue, 3 Nov 2009 12:44:46 -0800
> >> Subject: Re: Cisco GET VPN in transport mode
> >> To: acsyao_at_hotmail.com
> >> CC: ccielab_at_groupstudy.com
> >>
> >> It is mainly because Cisco cannot initiate/terminate transport mode
> >> IPSec tunnel. Getvpn works mainly in changing the header, it's
> >> actually not changing but the same idea. More a copy and paste.
> >>
> >> Mark Jackson, CCIE#4736
> >>
> >> Sent from my iPhone
> >> Please excuse spelling errors
> >>
> >> On Nov 3, 2009, at 12:39 PM, Hans None <acsyao_at_hotmail.com> wrote:
> >>
> >>> All,
> >>>
> >>>
> >>>
> >>> Does anyone know why Cisco GET VPN does not work in IPSEC transport
> >>> mode?
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> Thanks,
> >>>
>
> --
> Mark Jackson, CCIE #4736
> Senior Network, Security and Voice Architect
>
> 858.705.1861
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

-- 
Mark Jackson, CCIE #4736
Senior Network, Security and Voice Architect
858.705.1861
Blogs and organic groups at http://www.ccie.net
Received on Tue Nov 03 2009 - 14:45:28 ART
