[c-nsp] IPSEC Transport mode

Ziv Leyes zivl at gilat.net
Wed Jun 18 10:12:29 EDT 2008


We need to find a way to encrypt the data BEFORE the acceleration, and from what I've read, it is not possible to accelerate TCP when the data is inside an encrypted tunnel, so the possible way to be able to spoof the TCP is in transport mode instead of tunnel mode of the IPSec.
But that's only based on what I've read on the web, perhaps I'm missing something.
If the only way to do it is using only two routers, is somebody willing to share a sample config of a GRE/IPIP tunnel with transport encryption within?
Thanks,
Ziv


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Jeremy Stretch
Sent: Wednesday, June 18, 2008 12:32 PM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] IPSEC Transport mode

Ziv,

I have a setup very similar to what you describe, a transport mode
tunnel between two 3725s connected via satellite. We have accelerators
in place but I'm not familiar with them. It's a fairly standard setup;
what do you need to know?

stretch
http://packetlife.net

Ziv Leyes wrote:
> Hi,
> I'm making a VPN Site to Site tunnel in a lab test between a Cisco 1840 router and ASA5510, each one connected behind a satellite link. Because of the high latency in such a setup (1300ms RTT) we're trying to implement acceleration, and the appliance we're trying to implement needs the VPN to encrypt in transport mode in order to be able to accelerate the traffic. The appliance knows to "ignore" the ESP protocol and accelerate/compress the data; it can't do anything on an IPSec in tunnel mode.
> I searched the web and the only thing I've found was a proposed setup with GRE or L2TP tunnel and then encrypting the data that goes through the tunnel.
> Does somebody know what I'm talking about? I'll appreciate some ideas.
> Thanks,
>
> Ziv
>
> ************************************************************************************
> This footnote confirms that this email message has been scanned by
> PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
> ************************************************************************************
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
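
A sample of the kind of configuration requested in the message above, added here as an example and not part of the original post or any list reply: a GRE tunnel between two IOS routers, protected by an IPsec profile whose transform set is in transport mode. All addresses (RFC 5737 ranges), the pre-shared key, the MTU/MSS values and the names TS-TRANSPORT and GRE-PROTECT are constructed placeholders; the accelerator is not modelled.

```cisco
! ---- Router A (constructed: WAN 192.0.2.1, peer WAN 198.51.100.1) ----
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key REPLACE-WITH-REAL-PSK address 198.51.100.1
!
! Transport mode: ESP protects the GRE packet without adding a second IP header
crypto ipsec transform-set TS-TRANSPORT esp-aes 256 esp-sha256-hmac
 mode transport
!
crypto ipsec profile GRE-PROTECT
 set transform-set TS-TRANSPORT
!
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 ! Leave room for GRE + ESP overhead so inner packets are not fragmented
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source 192.0.2.1
 tunnel destination 198.51.100.1
 tunnel protection ipsec profile GRE-PROTECT
!
! ---- Router B (mirror of A: WAN 198.51.100.1, peer WAN 192.0.2.1) ----
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key REPLACE-WITH-REAL-PSK address 192.0.2.1
!
crypto ipsec transform-set TS-TRANSPORT esp-aes 256 esp-sha256-hmac
 mode transport
!
crypto ipsec profile GRE-PROTECT
 set transform-set TS-TRANSPORT
!
interface Tunnel0
 ip address 10.255.0.2 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source 198.51.100.1
 tunnel destination 192.0.2.1
 tunnel protection ipsec profile GRE-PROTECT
```

After the tunnel comes up, `show crypto ipsec sa` reports whether the negotiated SA is in transport or tunnel mode; traffic only gets encrypted if it is routed into Tunnel0.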
