[ednog] IPSec vs SOHO NAT

Julian Y. Koh kohster at northwestern.edu
Tue Jun 14 11:04:16 EDT 2005


At 10:58 -0400 06/14/2005, Frank Sweetser wrote:
>Have you ever run into TCP over TCP issues with this?
>
>http://sites.inka.de/sites/bigred/devel/tcp-tcp.html

Not that I've seen at least, and I'm probably the person at NU that uses
the Cisco client the most.  80+% of our users opt for PPTP, since those
clients are built into the OS, and thus that's what our Tech Support arm
has been pushing as the default.  The problem is that PPTP
encryption/decryption is not done in hardware on the Cisco 3000, so we've
run into some CPU starvation issues on the concentrator side.  The solution
there is to transition the default configuration to use L2TP/IPSec, but
we're going to have to keep PPTP around for a while to service people who
refuse to switch as well as Mac OS X users.  The L2TP/IPSec client built
into OS X 10.3 and higher doesn't work from behind NAT devices.  Apple and
Cisco are supposedly working on fixing this issue.

But I've digressed, I see.  :)



-- 
Julian Y. Koh                         <mailto:kohster at northwestern.edu>
Network Engineer                                   <phone:847-467-5780>
Telecommunications and Network Services         Northwestern University
PGP Public Key:<http://bt.ittns.northwestern.edu/julian/pgppubkey.html>

