Re: SSL VPN over leased line??? from Iwan Hoogendoorn on 2009-11-15 (Ccielab archives 11/2009)

From: Iwan Hoogendoorn <iwan_at_ipexpert.com>
Date: Sun, 15 Nov 2009 10:20:56 +0100

Well as a leased line is only a direct conection from site to site and
may be secure in 1 persons point of view...
It could not be as secure @ all.
The traffic can still be sniffed and is still clear ...

When you encrypt this it will be scrambled ...

-- 
Regards,
Iwan Hoogendoorn
CCIE #13084 (R&S / Security / SP)
Sr. Support Engineer  IPexpert, Inc.
URL: http://www.IPexpert.com
On Sun, Nov 15, 2009 at 9:00 AM, Samurai Jack
<rs_at_resilient-consulting.com.au> wrote:
> Hello All,
>
> I am looking at VPN access layer scenarios, and cant seem to get my head
> around someone doing SSL VPN over a leased line..I mean why would someone do
> that? Before we get into "have you considered" here is what I did consider:
>
> 1. Having a leased line connection into someone's infrastructure does not
> mean traffic over that link is being encrypted. In order to do that, we
> could simply do IPSec site to site VPN [let's say the IPSec platforms are
> already in place]. To encrypt end to end [host to host],there is not much
> that the network infrastructure can do, as this is upto the end hosts.
>
> 2. It might be difficult to get an internet connection somewhere [or maybe a
> lousy one], but the local telco could give you a leased line instead? Hard
> to digest...
>
> 3. Maybe the requirement is to have a leased line, between the
> two infrastructures instead of leveraging an internet connection due to SLA
> issues [internet = no SLA]. However that would be covered under point 1
> above, and deploying a SSL VPN platform still wont provide an end to end
> encryption between the hosts.
>
> Have you folks ever come across a scenario of SSL VPN over a leased line,
> and why would someone deploy this type of access model [leased line that
> is]? Any pointers/experiences would be appreciated.
>
> thanks in advance.
>
> Al
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net

Received on Sun Nov 15 2009 - 10:20:56 ART

This archive was generated by hypermail 2.2.0 : Tue Dec 01 2009 - 06:36:29 ART