Security Basics mailing list archives
RE: IPX over IPSec VPNs or SSL VPNs
From: "Mark Lewis" <mark () mjlnet com>
Date: Thu, 21 Jul 2005 00:15:04 +0100
Well, both of these protocols are obviously TCP/IP based: 1. IPsec operates at layer 3 and transports IP. 2. SSLv2/3 & TLS operate at layer 4 and sit on top of TCP. The fact that both are TCP/IP based is the source of the 'issue' of non-IP non-transport (!), of course. There are, however, a couple of ways around this problem: 1. use GRE over IPsec: in this case, GRE is be used to transport non-IP protocols (such as IPX), and IPsec protects GRE. 2. use L2TPv2/3 over IPsec: L2TPv2 is used to tunnel PPP, which can, in turn be used to transport non-IP protocols. L2TPv3 can be used to transport a number of layer-2 protocols including Ethernet (802.1Q/raw Ethernet), Frame Relay, PPP, HDLC (& HDLC-like such as X.25), and ATM (cell-relay/AAL5)- and all of these layer-2 protocols can be used to transport non-IP. IPsec can be used to protect both L2TPv2 and L2TPv3 tunnels. As far as SSL/TLS is concerned- some of the SSL VPN clients are becoming quite sophisticated (eg. Cisco's SSL VPN client), but none as far as I know has yet been adapted to transport non-IP. And I must admit I doubt whether any SSL VPN client will be (though please let me know if you hear of one!!). So, here are a couple of links: http://www.cisco.com/en/US/tech/tk827/tk369/technologies_configuration_examp le09186a0080093f70.shtml http://www.cisco.com/en/US/netsol/ns341/ns396/ns172/ns155/networking_solutio ns_white_paper09186a008017fa6e.shtml http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_examp le09186a0080093f6f.shtml Hope that helps, Mark CCIE#6280 / CCSI#21051 / JNCIS#121 / etc. Author: www.ciscopress.com/1587051044
-----Original Message----- From: sh4k3sph3r3 [mailto:sh4k3sph3r3 () gmail com] Sent: 20 July 2005 11:59 To: security-basics () securityfocus com Subject: IPX over IPSec VPNs or SSL VPNs Hi folks, Anybody know whether IPX traffic can be send thru IPSec VPNs or SSL VPNs. Really appreciated if you guys can direct me a link. Cheers. --th0ny--
Current thread:
- IPX over IPSec VPNs or SSL VPNs sh4k3sph3r3 (Jul 20)
- RE: IPX over IPSec VPNs or SSL VPNs Mark Lewis (Jul 21)
- Re: IPX over IPSec VPNs or SSL VPNs Oleksandr Darchuk (Jul 21)
- <Possible follow-ups>
- Re: IPX over IPSec VPNs or SSL VPNs 123 (Jul 21)
- Re: IPX over IPSec VPNs or SSL VPNs Mark Lewis (Jul 22)