ok why SSL and why not IPSec
On Sun, Nov 15, 2009 at 1:20 PM, Iwan Hoogendoorn <iwan_at_ipexpert.com> wrote:
> Well as a leased line is only a direct conection from site to site and
> may be secure in 1 persons point of view...
> It could not be as secure @ all.
> The traffic can still be sniffed and is still clear ...
>
> When you encrypt this it will be scrambled ...
>
> --
> Regards,
>
> Iwan Hoogendoorn
> CCIE #13084 (R&S / Security / SP)
> Sr. Support Engineer IPexpert, Inc.
> URL: http://www.IPexpert.com
>
> On Sun, Nov 15, 2009 at 9:00 AM, Samurai Jack
> <rs_at_resilient-consulting.com.au> wrote:
> > Hello All,
> >
> > I am looking at VPN access layer scenarios, and cant seem to get my head
> > around someone doing SSL VPN over a leased line..I mean why would someone
> do
> > that? Before we get into "have you considered" here is what I did
> consider:
> >
> > 1. Having a leased line connection into someone's infrastructure does not
> > mean traffic over that link is being encrypted. In order to do that, we
> > could simply do IPSec site to site VPN [let's say the IPSec platforms are
> > already in place]. To encrypt end to end [host to host],there is not much
> > that the network infrastructure can do, as this is upto the end hosts.
> >
> > 2. It might be difficult to get an internet connection somewhere [or
> maybe a
> > lousy one], but the local telco could give you a leased line instead?
> Hard
> > to digest...
> >
> > 3. Maybe the requirement is to have a leased line, between the
> > two infrastructures instead of leveraging an internet connection due to
> SLA
> > issues [internet = no SLA]. However that would be covered under point 1
> > above, and deploying a SSL VPN platform still wont provide an end to end
> > encryption between the hosts.
> >
> > Have you folks ever come across a scenario of SSL VPN over a leased line,
> > and why would someone deploy this type of access model [leased line that
> > is]? Any pointers/experiences would be appreciated.
> >
> > thanks in advance.
> >
> > Al
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
-- Best Regards Mohammed Abdul Razzaq Blogs and organic groups at http://www.ccie.netReceived on Sun Nov 15 2009 - 13:51:00 ART
This archive was generated by hypermail 2.2.0 : Tue Dec 01 2009 - 06:36:29 ART