Security Basics mailing list archives

RE: IPX over IPSec VPNs or SSL VPNs


From: "Mark Lewis" <mark () mjlnet com>
Date: Thu, 21 Jul 2005 00:15:04 +0100

Well, both of these protocols are obviously TCP/IP based:

1. IPsec operates at layer 3 and transports IP.

2. SSLv2/3 & TLS operate at layer 4 and sit on top of TCP.

The fact that both are TCP/IP based is the source of the 'issue' of non-IP
non-transport (!), of course. There are, however, a couple of ways around
this problem:

1. use GRE over IPsec: in this case, GRE is used to transport non-IP
protocols (such as IPX), and IPsec protects GRE.

2. use L2TPv2/3 over IPsec: L2TPv2 is used to tunnel PPP, which can, in turn,
be used to transport non-IP protocols. L2TPv3 can be used to transport a
number of layer-2 protocols including Ethernet (802.1Q/raw Ethernet), Frame
Relay, PPP, HDLC (& HDLC-like such as X.25), and ATM (cell-relay/AAL5), and
all of these layer-2 protocols can be used to transport non-IP. IPsec can be
used to protect both L2TPv2 and L2TPv3 tunnels.

As far as SSL/TLS is concerned, some of the SSL VPN clients are becoming
quite sophisticated (e.g. Cisco's SSL VPN client), but none as far as I know
has yet been adapted to transport non-IP. And I must admit I doubt whether
any SSL VPN client will be (though please let me know if you hear of one!!).

So, here are a couple of links:

http://www.cisco.com/en/US/tech/tk827/tk369/technologies_configuration_example09186a0080093f70.shtml

http://www.cisco.com/en/US/netsol/ns341/ns396/ns172/ns155/networking_solutions_white_paper09186a008017fa6e.shtml

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080093f6f.shtml


Hope that helps,

Mark



CCIE#6280 / CCSI#21051 / JNCIS#121 / etc.

Author: www.ciscopress.com/1587051044



-----Original Message-----
From: sh4k3sph3r3 [mailto:sh4k3sph3r3 () gmail com]
Sent: 20 July 2005 11:59
To: security-basics () securityfocus com
Subject: IPX over IPSec VPNs or SSL VPNs


Hi folks,

Anybody know whether IPX traffic can be sent thru IPSec VPNs or SSL VPNs?

Really appreciated if you guys can direct me to a link.

Cheers.
--th0ny--
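
A minimal sketch of option 1 in the reply above (GRE over IPsec), added here as an illustration and not part of the original thread: it wraps a constructed IPX packet in GRE (protocol type 0x8137) and an outer IPv4 header (protocol 47), then shows that an IPsec-style traffic selector can match only the encapsulated form. The addresses, IPX field values and function names are assumptions made for the example.

```python
import ipaddress
import struct

IPPROTO_GRE = 47        # IP protocol number assigned to GRE
ETHERTYPE_IPX = 0x8137  # protocol type GRE uses to label an IPX payload
# Constructed tunnel endpoints (documentation address ranges).
LOCAL, REMOTE = "192.0.2.1", "198.51.100.1"

def sample_ipx(data: bytes = b"hello") -> bytes:
    """Constructed IPX packet: 30-byte header (checksum 0xFFFF) plus data."""
    return struct.pack("!HHBB4s6sH4s6sH", 0xFFFF, 30 + len(data), 0, 4,
                       bytes.fromhex("00000020"), bytes.fromhex("00000c000002"), 0x0451,
                       bytes.fromhex("00000010"), bytes.fromhex("00000c000001"), 0x4003) + data

def gre_encapsulate(payload: bytes, proto_type: int) -> bytes:
    """Basic 4-byte GRE header (no checksum, key or sequence) plus payload."""
    return struct.pack("!HH", 0x0000, proto_type) + payload

def ipv4_checksum(header: bytes) -> int:
    """Ones' complement sum of the header's 16-bit words, inverted."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_wrap(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (TTL 64, no options) in front of payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + payload

def selector_matches(packet: bytes, src: str, dst: str, proto: int) -> bool:
    """Stand-in for an IPsec traffic selector: outer src, dst and protocol."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False  # not an IPv4 packet, so there is nothing to select on
    return (packet[9] == proto
            and packet[12:16] == ipaddress.IPv4Address(src).packed
            and packet[16:20] == ipaddress.IPv4Address(dst).packed)

def gre_payload_type(packet: bytes) -> int:
    """Protocol type from the GRE header that follows the outer IPv4 header."""
    ihl = (packet[0] & 0x0F) * 4
    return struct.unpack("!HH", packet[ihl:ihl + 4])[1]

if __name__ == "__main__":
    ipx = sample_ipx()
    tunnelled = ipv4_wrap(LOCAL, REMOTE, IPPROTO_GRE, gre_encapsulate(ipx, ETHERTYPE_IPX))
    print("raw IPX selectable:", selector_matches(ipx, LOCAL, REMOTE, IPPROTO_GRE))
    print("GRE/IP selectable: ", selector_matches(tunnelled, LOCAL, REMOTE, IPPROTO_GRE))
    print("GRE payload type:   0x%04x" % gre_payload_type(tunnelled))
```

On a real gateway the equivalent of `selector_matches` is the policy that selects GRE traffic between the two tunnel endpoints for IPsec protection, so the IPX payload itself never has to be understood by IPsec.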


