OK Brandon, that makes sense. If we are looking at user accountability then
it does make sense to have SSL VPN over IPSec regardless of the connectivity
[leased line or Internet] type. Thanks for the example.
regards
Al
On Sun, Nov 15, 2009 at 8:51 PM, Mohammed Naviwala <monavy_at_gmail.com> wrote:
> ok why SSL and why not IPSec
>
>
> On Sun, Nov 15, 2009 at 1:20 PM, Iwan Hoogendoorn <iwan_at_ipexpert.com> wrote:
>
>> Well as a leased line is only a direct connection from site to site and
>> may be secure in 1 person's point of view...
>> It could not be as secure @ all.
>> The traffic can still be sniffed and is still clear ...
>>
>> When you encrypt this it will be scrambled ...
>>
>> --
>> Regards,
>>
>> Iwan Hoogendoorn
>> CCIE #13084 (R&S / Security / SP)
>> Sr. Support Engineer IPexpert, Inc.
>> URL: http://www.IPexpert.com
>>
>> On Sun, Nov 15, 2009 at 9:00 AM, Samurai Jack
>> <rs_at_resilient-consulting.com.au> wrote:
>> > Hello All,
>> >
>> > I am looking at VPN access layer scenarios, and can't seem to get my head
>> > around someone doing SSL VPN over a leased line.. I mean why would someone do
>> > that? Before we get into "have you considered" here is what I did consider:
>> >
>> > 1. Having a leased line connection into someone's infrastructure does not
>> > mean traffic over that link is being encrypted. In order to do that, we
>> > could simply do IPSec site to site VPN [let's say the IPSec platforms are
>> > already in place]. To encrypt end to end [host to host], there is not much
>> > that the network infrastructure can do, as this is up to the end hosts.
>> >
>> > 2. It might be difficult to get an internet connection somewhere [or maybe a
>> > lousy one], but the local telco could give you a leased line instead? Hard
>> > to digest...
>> >
>> > 3. Maybe the requirement is to have a leased line, between the
>> > two infrastructures instead of leveraging an internet connection due to SLA
>> > issues [internet = no SLA]. However that would be covered under point 1
>> > above, and deploying an SSL VPN platform still won't provide an end to end
>> > encryption between the hosts.
>> >
>> > Have you folks ever come across a scenario of SSL VPN over a leased line,
>> > and why would someone deploy this type of access model [leased line that
>> > is]? Any pointers/experiences would be appreciated.
>> >
>> > thanks in advance.
>> >
>> > Al
>> >
>> >
>> > Blogs and organic groups at http://www.ccie.net
>> >
>> > _______________________________________________________________________
>> > Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html
>
>
> --
> Best Regards
>
> Mohammed Abdul Razzaq
Received on Sun Nov 15 2009 - 21:05:38 ART
This archive was generated by hypermail 2.2.0 : Tue Dec 01 2009 - 06:36:29 ART