  1. Senior Member Turgon's Avatar
    Join Date
    Apr 2007
    Location
    Great Britain
    Posts
    6,250

    Certifications
    CCIE counter..993 Lab Hours.... 532 Reading.
    #26
    Originally Posted by itdaddy:
    I guess what I should have said was not everyone is on the same bandwagon when it comes to IPSEC protocols and it is dependent on who is using what. Some ISPs use this and some ISPs use that and some companies use this protocol... and/or block these ports... It is just very picky, but I agree with what you are saying; you have valid points and valid questions.
    I mean it just seems to be a lot of work sometimes. We have IPSEC VPNs at my work here and believe me, it gets crazy when someone changes something so small it whacks it out! And with vpn/ssl type technology
    it does the job and is efficient that is what I mean..

    and Yes, I agree vpn/ssl is very young yet!
    but I still love it hee hee
    I know I am lazy, but I like stuff that is not so time wasting let us get on to other stuff.

    WastedTime, explain how you mean IPSEC is mand. with IPV6. I don't get it.
    I have set up IPV6 at home and I don't need IPSEC??? Explain please
    thanks....
    IPv6 has native authentication support. OSPFv3 uses this rather than implementing its own authentication mechanisms. It uses Authentication Header (AH) and Encapsulating Security Payload (ESP) protocols for authentication. Because these are part of the IPsec protocol you must configure IPSec security policies to use it. Haven't done this myself so would defer to Ahriakin if you want more details.

    SSL/VPN is making inroads. But everywhere I work I find site to site VPNs using IPSec. Some of these have been running for years between external companies. They can be a pain to set up between different companies using different vendors and if you are short on knowledge they most likely will not work right first time. But they are there, and regardless of what alternatives exist now and will emerge in the future, they need to be supported today and migrated at some point. On a certification level I see useful technologies being dropped off exams and syllabus over time. While newer technologies may well be the direction the market wants to head off in, the direction in the field is often a few years behind. So (for example) a lot of folks struggle with ISDN or other dialers when a migration project is on the table or issues ensue with what was already deployed in the field.
    Last edited by Turgon; 09-27-2009 at 11:37 AM.

  3. Juniper Moderator Moderator Aldur's Avatar
    Join Date
    Sep 2007
    Location
    WY
    Posts
    1,456

    Certifications
    JNCIE-SEC#67, JNCIE-SP#383, JNCIE-ENT#47
    #27
    Originally Posted by Ahriakin:
    The only advantage it offers over IPSec (and it is a fair one) is convenience for the end user and then ONLY when you're talking about clientless vs. thick client installs. Its advantages for through PAT are only down to using TCP as the transport and you can encapsulate ESP inside UDP or TCP easily enough.
    Well put.

    SSL is more for ease of use for a client to access protected resources not for site to site security.

    IPsec is more efficient but doesn't have that clientless ability that SSL does. Just imagine if you had to download and install an IPsec application to access your banking info online. In that regard you would also have to do this with any site that needed its users to gain secure access to it. This just isn't feasible.

    SSL takes this role with allowing the security to occur right in the browser. No messy client install necessary. But as with anything in this world, when you focus on ease of use, efficiency goes out the window.

    SSL VPNs have their place but I don't see them replacing IPsec VPNs anytime soon. I couldn't imagine setting up an SSL VPN for bulk data transfer between an HQ and a remote office.

  4. Senior Member itdaddy's Avatar
    Join Date
    Jan 2006
    Posts
    2,081

    Certifications
    A+, MCP, CCNA R/S, CCNA-Security, CCNA Collaboration, CCNP R/S
    #28
    Hey, thanks for all the information and help. We appreciate your input. Really. I know I do. Thank you