If you don't have the money for public addresses, how are you going to
provide one-to-one NAT for two-way communication? You will have all sorts
of design shortfalls. Thus the reason GetVPN is not recommended over the
Internet.
Regards,
Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.
Mailto: tscott_at_ipexpert.com
From: imran ali [mailto:immrccie_at_gmail.com]
Sent: Saturday, February 05, 2011 1:56 PM
To: Tyson Scott
Cc: Piotr Matusiak; Cisco certification
Subject: Re: GET VPN on public internet
Thanks Tyson,
So there is a dependency on DMVPN in order to run GET on the public cloud.
Any workarounds such as NAT so that I can run GET natively on the public Internet
without DMVPN?
On Sat, Feb 5, 2011 at 9:38 PM, Tyson Scott <tscott_at_ipexpert.com> wrote:
Use Get VPN over DMVPN. That is the solution you should use if you have
private address space.
Regards,
Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.
Mailto: tscott_at_ipexpert.com
-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
imran ali
Sent: Saturday, February 05, 2011 12:51 PM
To: Piotr Matusiak
Cc: Cisco certification
Subject: Re: GET VPN on public internet
Thanks for the reply, Piotr Matusiak,
But I can't afford all public IP addresses for my PCs. I just want to use one
public IP address and NAT all private IP addresses and still use GET VPN
rather than point-to-point IPsec tunnels.
The setup that I have:
R1 through R5, all connected to the Internet with different single public IPs
depending on location. Running traditional IPsec among them. (5*4)/2=10
tunnels.
Now I just want to migrate to GET. Is it possible?
Or do I need to integrate GET with DMVPN?
On Sat, Feb 5, 2011 at 8:23 PM, Piotr Matusiak <pitt2k_at_gmail.com> wrote:
> You can. GET technology however is mainly positioned for WAN (private)
> usage. Why is it not recommended to use over the Internet? This is because
> GET preserves original IP address and it is hard to introduce any further
> security like filtering. If one uses only Public IP addresses it is OK to
> use GET over the Internet.
>
> HTH,
> --
> Piotr Matusiak
> CCIE #19860 (R&S, Security), CCSI #33705
> Technical Instructor
> website: www.MicronicsTraining.com
> blog: www.ccie1.com
>
> If you can't explain it simply, you don't understand it well enough -
> Albert Einstein
>
>
> 2011/2/5 imran ali <immrccie_at_gmail.com>
>
>> Hi security experts,
>>
>> Why can't I use GET on the Internet? I can use NAT to change the source IP
>> address to make it routable over the Internet.
>>
>> regards
>> ignore my ignorance
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
Received on Sat Feb 05 2011 - 14:08:12 ART
This archive was generated by hypermail 2.2.0 : Tue Mar 01 2011 - 07:01:49 ART