VPN's Strategic Location?

Eric Vyncke evyncke at CISCO.COM
Mon Apr 30 16:14:24 EDT 2001


Ed,

Just about our encapsulation of IPSec in UDP. AFAIK, it does not change the
security of IPSec per se as it does not change the IKE or IPSec protocols.
It is just to allow NAT traversal, so, it will not change the security or
the placement of the VPN vs the firewall.

Note: if your firewall is also doing NAT, then if you place the VPN3000
behind the firewall, you will need to use the UDP encapsulation (except if
FW-1 can NAT an IKE/IPSec tunnel).

-eric

At 12:32 26/04/2001 -0700, Tech, Ed wrote:

>Hello Everyone,
>We are in the testing mode of a Cisco VPN 3030 concentrator which sits
>behind a CheckPoint Firewall.
>Please provide pros and cons of different locations for a VPN concentrator.
>Another setup is to have it side by side with a Firewall behind the
>Internet router.
>What are the pros and cons of this setup as opposed to having the VPN box
>sit behind a firewall?
>Also, I've read that the Cisco VPN 3030 uses IPSec over UDP.
>This is the highest or most secure tunnelling protocol that the VPN 3030
>can implement.
>Why is this not as secure as what they call a Native IPSec?
>Will IPSec over UDP affect the most secure placement of the VPN 3030?
>Please provide your opinions folks.
>thanks to everyone,
>Ed

VPN is sponsored by SecurityFocus.COM



