l***y Posts: 791 | 1 what PC? what VPN client? what VPN gateway? |
|
z**r Posts: 17771 | 2 Windows XP, Cisco VPN client 4.05, Cisco Concentrator |
|
z**r Posts: 17771 | 3 oh, I see
I was wondering why I was not able to sniff anything on the regular interface |
|
c*a Posts: 806 | 4 just got a new Juniper 5gt-wlan at home to play with. It's too powerful to be
used for a home gateway. guess, Juniper needs a real low-end product to compete
with Linksys or any other home networking appliance.
Anyway, 5gt is not meant for home use.
It supports
- 3 layer3 Wireless LAN/SSIDs,
- 3 wired layer3 LANs
- Trend Micro AntiVirus
- SurfControl/WebSense URL Filtering
Good if you have kids at home:)
- Multicast
- IPSec VPN Gateway
- L2TP VPN |
|
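z**r Posts: 17771 | 5 Looks good. MACSec is rather like IPsec, hehe. It is mainly used on wired switches; on Wi-Fi it is still
802.11i, and possibly WAPI.
Just don't know how many switches can handle this much overhead. |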
|
b*****i Posts: 1 | 6 has anybody tried to set up the VPN server + client on a Linksys WRV54G router and
Windows XP SP2 IPSec client?
OR directly connect two WRV54G routers in different LANs.
thanks, |
|
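z**r Posts: 17771 | 7 Just tossing out a starting point; everyone is welcome to add to it.
The earliest NAT really was what the name says: basic NAT only does IP address translation. Its
biggest drawback is that each private IP has to map to one public IP in the IP pool, but it also has many advantages,
e.g. it is basically transparent to applications, it has the fastest forwarding speed (because only the IP address and IP
checksum are modified), it also solves the private IP reuse problem, and so on.
Later came PAT, whose official term should really be NAPT (network address port translation).
This saves a great many public IPs. The internal-external mapping is no longer a simple IP address relationship,
but brings in TU; at this point not only the IP address has to be rewritten, the port number and
the corresponding checksum also have to be modified. However, at this point applications are limited to tcp/udp/icmp.
But IPSec and the like are not tcp/udp applications. For AH/ESP etc., one also has to depend on each layer's checksum,
encryption, and so on |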
|
m**t Posts: 1292 | 8 in fact, any non-(IP|UDP/TCP) were having problems, such as IPinIP tunneling,
also certain application level protocols are having issues with NAT due to
design defects, an example is IKEv1. Anyway, as additional info, other than
VoIP, there were RFCs or drafts in IPsec, MOBIKE, MIPv4 WG, MIPv6 WG targeting
the NAT traversal issues. |
|
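z**r Posts: 17771 | 9 Yeah, I was just using ipsec as an example.
The development of nat-t should by now be fairly mature. uPnP and ICE will probably be the two main
means of solving this problem in the future, especially ICE, which is led by the two giants Cisco and Microsoft. When I have time, or if someone can
share experience in this area, let's put together a post to summarize it |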
|
m**t Posts: 1292 | 11 Saw the stuff before, there is a filtering layer built below the IP stack on
each node, all the nodes share the same virtual IP and MAC address. It is not
a popular method but it is do-able. The advantage is that the cluster does
not need a separate load balancer to do the load balancing but rather pushes
the function to individual nodes, it is also able to provide service to IP
level apps such as IPsec, MIP etc so those IP layer addons can potentially
benefit from seeing all the communication states a |
|
h******g Posts: 18 | 12 [ The following text is reposted from the Working board ]
From: hanzhong (myhome), Board: Working
Subject: Network test engineer openings in Cisco
Posted at: BBS 未名空间站 (Sat May 26 13:41:22 2007)
We have 2 openings for network system test engineers in my group. We do
large scale network system test for Cisco products.
Here are the requirements:
1. Hands-on experience on networking technologies including OSPF, BGP, MPLS
VPN, Multicast, QoS, IPSec, etc.
2. Cisco certificates like CCIE are highly valued.
3. With programming experience in Tcl, P |
|
s*****g Posts: 1055 | 13 Could you please elaborate what are the security concerns of option B and
option C?
And how are those security concerns addressed by option A?
IPsec over MPLS is always an option if customers are paranoid. |
|
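r*****k Posts: 565 | 14 [ The following text is reposted from the Security board ]
From: rollfuk (叠罗汉), Board: Security
Subject: Keywords: raw socket, python, sec tunnel, twisted
Posted at: BBS 未名空间站 (Sun Mar 23 09:23:53 2008)
I am doing a course project; the topic is to implement something like sTunnel, i.e. encode any
ip packet sent out from a specified port, then decode it at the remote end. I plan to use ipsec for the encryption.
Since my c/c++ knowledge is basically zero, I chose python.
I plan to use twisted to open a raw socket on the NIC, then inspect every packet, and once I have determined that it comes from
the specified port, rebuild that packet.
I would like to ask the experts whether this is feasible. (I am really not sure whether packet filtering can be done in python.) |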
|
j****r Posts: 30 | 15 You can do it easily without programming. Set up an IPSec VPN, use an access
list for telnet or ftp. You can use cheap routers like Cisco, Netscreen,
or even Linksys, Netgear, or use openvpn between the hosts. |
|
h**a Posts: 108 | 16 1) GRE Tunneling
2) And IPSEC/PPTP VPN from external.
Thanks a lot in advance. |
|
j*a Posts: 14423 | 17 any suggestion? we need sth way cheaper than Cisco 1841. |
|
c*a Posts: 806 | 18 jnpr 5gt. the new model is ssg5 with dual radio 11a/b/g |
|
c*a Posts: 806 | 19 if really _way cheaper_, then neither cisco nor jnpr would be an option
try some generic replacement rather than brand name |
|
z**r Posts: 17771 | 20 you want a cisco router or what? if Cisco router, as I said in previous post,
a cisco 800 series router is much cheaper than 1841. |
|
c*a Posts: 806 | 25 I'm a frequent visitor of CVS pharmacy these days:( |
|
z**r Posts: 17771 | 26 what's going on? last time I saw your post on NG board, are your wife and
baby doing ok? |
|
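S******n Posts: 617 | 27 I have used Linksys and switched it to DD-WRT; very cheap, hehe. Their website has very detailed information: software,
router model details, and so on. |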
|
j*a Posts: 14423 | 28 For now I have found two models, the RV042 and the WRV54G for business.
Are there similar products from other companies that you can recommend? |
|
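S******n Posts: 617 | 29 The previous post was a bit misleading; the website I meant is dd-wrt, not Linksys.
Routers costing a few dozen dollars (buffalo and the like), once the software is swapped, can basically all support the features you require. |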
|
s*****g Posts: 1055 | 31 If you guys know more about actual technical details, why don't you share
with other people? for example, I am interested to know how a website can be
blocked in real time based on its contents, if the connection is encrypted
(say via IPsec/SSL), how can the contents be analyzed?
A "hehe" reply does not help anybody and it does not prove you are
knowledgeable either. |
|
w**l Posts: 49 | 32
Your question is neither IPSEC VPN nor SSL/VPN. What you are looking at is a remote access question. |
|
z**r Posts: 17771 | 33 man, it's horrible :), they are about the same regarding efficiency
mpls vpn: 2 labels, l2tpv3/GRE: 1 label, ipsec: 1 label, plus the layer 2/3
headers, think about it ... |
|
m**t Posts: 1292 | 34 From thread: EmergingNetworking board - Looking for interview experiences!!
I believe on ASA there is an option somewhere to turn on/off communication
between remote nodes |
|
h******l Posts: 422 | 36 Cisco AnyConnect handles 64-bit SSL VPN.
For IPSec there is a free VPN Client for 64-bit Vista called Shrew Soft VPN:
http://www.shrew.net/download |
|
s*****g Posts: 1055 | 37 ISRs/7200/7600 with encryption module are other options, Cisco ASA does not
support GRE/IPsec, big limitation if multicast or dynamic routing protocol
is required. |
|
s*****g Posts: 1055 | 38 Internally why would an enterprise need mVPN? they can either run GRE over IPsec or
DMVPN or if they get MPLS-VPN service from a provider, mVPN would be totally
transparent to enterprise. |
|
z**r Posts: 17771 | 39 well, MPLS was originally designed for providers, but actually many big
enterprise networks deployed MPLS to their backbone as well. large
enterprise network can be very similar to a provider network, say Boeing,
which has about over 1M ports, the network is bigger than 90% providers in
US. So is IBM, AT&T IT, etc.
and sometimes, it's not the reason of network size, instead it's the
operational issues, say, 3 companies merge together, it would be easy to
have them on separate VPNs |
|
s*****g Posts: 1055 | 40 http://www.vyatta.com/
The idea is not new at all, but what Vyatta is claiming is that its software
running on an off-the-shelf PC has better performance than Cisco ISRs.
It has most critical features a small to medium enterprise edge box would need, routing protocols, firewalling, site2site and remote access VPN (especially GRE/IPsec), IPS/IDS, VoIP, QoS etc. I highly doubt that it can compete with Cisco ISR in terms of performance, IOS is purposely built for fast-switching packets after all, besides I |
|
s*****g Posts: 1055 | 41 If each user needs a unique IP, that unique IP has to be from RFC1918 space, so you are looking at VPN service, IPsec or SSL probably too complicated for average netizens. PPTP is a good choice because Microsoft has free PPTP client, what you need to do is to rent equipment from DataCenter providers here, you will need load balancers, a lot of back end PPTP servers, authentication servers etc, for backend servers, I would go with OpenSource solution to cut costs.
Still the cost could be daunting, how ma |
|
z**r Posts: 17771 | 42 I think he is looking for an encrypted proxy server. How could such a proxy server assign IP addresses to users in China,
unless what he wants is the kind of VPN service you describe |
|
t*******r Posts: 3271 | 43 Are there no other TOPICs?
I really don't understand IPSEC. |
|
m******9 Posts: 104 | 44 Check your router. Make sure ipsec bypass is enabled. Some routers have it
disabled by default. |
|
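f*******8 Posts: 3612 | 45 Many thanks,
For many years I really did put too little effort into technology and career matters. I often got pulled away by other things.
Recently I realized that I should seriously and quickly reach a clear, all-round understanding of this industry.
I just looked at CCIP; can one say CCIE is CCIP + CCNP?
Also, when mpls vpn is said to be more efficient, is that relative to IPsec and so on?
One more: in a data center cloud, are there dedicated network engineers, and what skill set is needed?
Roughly how many kinds of experts does it take to handle a cloud? |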
|
s*****g Posts: 1055 | 46 MPLS VPN is efficient in the way it can be provided as a service by ISPs.
MPLS VPN makes inter-connecting private networks over Internet not only
possible but easier and scalable. From customer's point of view, the service is transparent.
IPsec VPN is mostly point to point (DMVPN developed by Cisco is an exception),
it is over Internet but managed by customers themselves, i.e. ISPs are not
involved.
MPLS VPN does not address encryption, technically ISPs can see your traffic
in clear text. |
|
w***s Posts: 321 | 47 RFC3809/4026, i.e. the ones deployed by carriers, with MPLS, without MPLS, L2/L3. They need to be distinguished from the IPSec/SSL
VPNs deployed by users. |
|
k*****s Posts: 231 | 48 What vpn you are talking about? L2 or L3? IPsec or MPLS, or something else? |
|
i**p Posts: 902 | 50 One more question. Look at the picture (below) in attachment, will my PC be assigned
a new IP (say 192.168.1.34) by the VPN gateway in order to access server
192.168.1.33? This is IPsec, assuming my PC is a dialup user.
If my PC will not be assigned a new IP when VPN is set, is there any case/
setting which will cause a new IP to be assigned? |
|