
Re: [FW-1] VPN with OSPF



Well, here is some fun info I found on the internet discussing multicasts and
IKE

http://sunsite.dk/RFC/rfc/rfc2764.html     (read section 3.1.4)

http://www.cc.gatech.edu/~judge/sec_mcast/ppframe.htm

http://www.tml.hut.fi/Opinnot/Tik-110.501/1995/multicast.html#intro




>  -----Original Message-----
> From:         Ekblad, Eric M
> Sent: Thursday, November 01, 2001 12:29 PM
> To:   '[email protected]'
> Cc:   Cardona, Alberto
> Subject:      [FW-1] VPN with OSPF
>
> YES, YES.
>
> IPSec, by the IETF, will not carry multicasts and broadcasts.
>
> That is why routing protocols MUST be ENCAPSULATED in a GRE header BEFORE
> encapsulating again in ESP and encrypting.  THE GRE header converts the
> multi/broad into a unicast.  The overhead is not TOO bad (51-58 for ESP
> and 40? for the GRE header).
>
> The question is: can a Nokia appliance support GRE (virtual) interfaces?
> I do not know, myself.  The Cisco handles this with an interface tunnel
> (this is a "virtual" interface inside of the same IPSec router).
>
> Cisco has this solution.  It works.  Disregard the IPX (IPX must also be
> GRE tunneled; IPSec = IP traffic ONLY!)
>
> http://www.cisco.com/warp/public/707/ipsec_gre.shtml
>
> DO NOT use 12.0 mid-range code.  Also, TURN OFF route-caching (no ip
> route-cache).  Many IOS defects are tied to this.
>
> Eric
>
>
> > Is anyone running site to site IPsec VPNs and using OSPF?
> > If so did you have to implement GRE?
> >
> >
> > Thanks
> >
> >
> AC
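
The encapsulation order described in the quoted message, as an added example that is not part of the original thread: an OSPF packet addressed to the AllSPFRouters multicast group is wrapped in GRE so that the outer header an IPsec policy sees is unicast protocol 47. The addresses, the placeholder OSPF body and the `ipsec_eligible` check (a simplified model of a unicast-only selector, not a real IPsec implementation) are assumptions made for illustration.

```python
import ipaddress
import struct

OSPF, GRE = 89, 47  # IANA IP protocol numbers

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an even-length header."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def gre_wrap(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Basic GRE header (no checksum/key/sequence), protocol type 0x0800 = IPv4."""
    return ipv4(tunnel_src, tunnel_dst, GRE, struct.pack("!HH", 0, 0x0800) + inner)

def outer_view(packet: bytes) -> tuple:
    """What a policy keyed on the outer header sees: (src, dst, protocol)."""
    proto, src, dst = struct.unpack("!9xB2x4s4s", packet[:20])
    return str(ipaddress.IPv4Address(src)), str(ipaddress.IPv4Address(dst)), proto

def ipsec_eligible(packet: bytes) -> bool:
    """Assumed unicast-only selector: reject multicast and limited-broadcast destinations."""
    dst = ipaddress.IPv4Address(outer_view(packet)[1])
    return not (dst.is_multicast or str(dst) == "255.255.255.255")

# Constructed sample: OSPF packet to AllSPFRouters (224.0.0.5); the body is a placeholder.
# Tunnel endpoints are constructed values from the documentation address ranges.
hello = ipv4("10.0.0.1", "224.0.0.5", OSPF, b"\x00" * 44, ttl=1)
tunneled = gre_wrap(hello, "192.0.2.1", "198.51.100.1")

if __name__ == "__main__":
    for name, pkt in (("native OSPF", hello), ("GRE-wrapped", tunneled)):
        print(name, outer_view(pkt), "eligible:", ipsec_eligible(pkt))
```

The inner multicast packet is carried unchanged after the outer IP and GRE headers, so the routing adjacency forms across the tunnel interface while the encryption policy only has to match GRE between the two tunnel endpoints.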
