Firewall Wizards mailing list archives

Re: Cisco Firewall IOS question


From: Leonard Miyata <leonard () geminisecure com>
Date: Mon, 5 Oct 1998 13:28:04 -0700 (PDT)

Let's See Now...

GRE: There is no provision for encryption of GRE packets (check the RFC),
however, some protocols that use GRE do support encryption. As an
example, Microsoft PPTP (tunneled serial link) uses GRE over IP for
packet transport, but the encryption is a part of PPTP not GRE.

L2TP: There is no provision for encryption. The current draft assumes
that confidentiality will be provided by IPSEC packet encryption. 

L2F: ???

No doubt that the Cisco box supports IPSEC. With IPSEC enabled, you can
secure anything via tunneled IP over IPSEC. Now if we only had a working
PKI to solve the key management/distribution problem....

Personal Opinions Provided by
Leonard Miyata
aka leonard () geminisecure com

On Mon, 5 Oct 1998, Chris Hughes wrote:

Cisco claims that its firewall IOS can provide secure data transfer over
public lines (such as the Internet) using any of the following protocols:

- Generic Routing Encapsulation (GRE) Tunneling

- Layer 2 Forwarding (L2F)

- Layer 2 Tunneling Protocol (L2TP)

- Quality of Service (QoS) controls: prioritize applications and allocate
network resources to ensure delivery of mission-critical application traffic

Do any of these protocols actually encrypt the data??  Seems to me that the
answer is no, but I'm not sure...

Also, Cisco claims that their network-layer encryption capability prevents
eavesdropping or tampering with data across the network during transmission.
Does anyone know what type of encryption they use?  Could this be utilized
in tandem with the aforementioned protocols to achieve security for VPN over
the internet?

Comments welcome....
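
The point in the reply about GRE having no provision for encryption can be seen by parsing the header. This is an added example, not part of the original thread; the field layout follows RFC 1701/2784/2890 and the PPTP variant in RFC 2637, and the sample packet and its payload bytes are constructed.

```python
import struct

# GRE flag bits in the first 16-bit word (RFC 1701 / RFC 2784 / RFC 2890).
C_BIT, R_BIT, K_BIT, S_BIT = 0x8000, 0x4000, 0x2000, 0x1000
A_BIT = 0x0080          # acknowledgment present, PPTP enhanced GRE only (RFC 2637)
VER_MASK = 0x0007

def parse_gre(packet: bytes) -> dict:
    """Split a GRE packet into header fields and the encapsulated payload."""
    if len(packet) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", packet, 0)
    version = flags & VER_MASK
    if version not in (0, 1):
        raise ValueError(f"unknown GRE version {version}")
    if flags & R_BIT:
        raise ValueError("RFC 1701 source routing not handled in this example")
    offset = 4
    fields = {"version": version, "protocol": proto,
              "checksum": None, "key": None, "sequence": None, "ack": None}

    def take(fmt):
        nonlocal offset
        size = struct.calcsize(fmt)
        if len(packet) < offset + size:
            raise ValueError("truncated GRE optional field")
        values = struct.unpack_from(fmt, packet, offset)
        offset += size
        return values

    if flags & C_BIT:
        fields["checksum"] = take("!HH")[0]   # error-detection checksum + reserved word
    if flags & K_BIT:
        fields["key"] = take("!I")[0]         # flow/call identifier, not key material
    if flags & S_BIT:
        fields["sequence"] = take("!I")[0]
    if version == 1 and flags & A_BIT:
        fields["ack"] = take("!I")[0]
    fields["payload"] = packet[offset:]       # carried exactly as the sender supplied it
    return fields

# Constructed sample: K and S set, protocol type 0x0800 (IPv4), key 42, sequence 1.
# The payload bytes are a stand-in for the inner packet, not a real IP datagram.
SAMPLE = struct.pack("!HHII", K_BIT | S_BIT, 0x0800, 42, 1) + b"inner data: user=alice"

if __name__ == "__main__":
    print(parse_gre(SAMPLE))
```

Every header field is a flag, an identifier or a counter, and the payload comes back byte-for-byte readable, so any confidentiality has to come from the encapsulated protocol or from IPSEC around the tunnel.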
