RE: GET VPN on public internet from Tyson Scott on 2011-02-05 (Ccielab archives 02/2011)

From: Tyson Scott <tscott_at_ipexpert.com>
Date: Sat, 5 Feb 2011 13:38:02 -0500

Use Get VPN over DMVPN. That is the solution you should use if you have
private address space.

Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.
Mailto: tscott_at_ipexpert.com

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
imran ali
Sent: Saturday, February 05, 2011 12:51 PM
To: Piotr Matusiak
Cc: Cisco certification
Subject: Re: GET VPN on public internet

Thanks for reply Piotr Matusiak ,

But i cant afford all public ip address for my pc's . I just want to use one
public ip address and nat all private ip address and still use GET VPN
rather than point to point IPSEC tunnels.

the set up that i have

R1---to ----R5 all connected to internet with different single public ip's
depending on locations.Running traditional IPSEC among them. (5*4)/2=10
tunnels.

now i just want to migrate to GET . is it possible ?

or do i need to integrate GET with DMVPN ?

On Sat, Feb 5, 2011 at 8:23 PM, Piotr Matusiak <pitt2k_at_gmail.com> wrote:

> You can. GET technology however is mainly positioned for WAN (private)
> usage. Why is it not recommended to use over the Internet? This is because
> GET preserves original IP address and it is hard to introduce any further
> security like filtering. If one uses only Public IP addresses it is OK to
> use GET over the Internet.
>
> HTH,
> --
> Piotr Matusiak
> CCIE #19860 (R&S, Security), CCSI #33705
> Technical Instructor
> website: www.MicronicsTraining.com
> blog: www.ccie1.com
>
> If you can't explain it simply, you don't understand it well enough -
> Albert Einstein
>
>
> 2011/2/5 imran ali <immrccie_at_gmail.com>
>
>> HI security experts ,
>>
>> why cant i use GET on internet . i can use nat to change the source ip
>> address to make it routable over the internet. ?
>>
>> regards
>> ignore my ignorance
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Sat Feb 05 2011 - 13:38:02 ART

This archive was generated by hypermail 2.2.0 : Tue Mar 01 2011 - 07:01:49 ART