IPSec

Last Modified: 2012-05-07
What are the advantages and disadvantages of implementing IPSec using these methods:

1. Gateway to Gateway (using Firewall features)
2. Gateway to Gateway (using Router)
3a. Host to host (tunnel mode)
3b. Host to host (transport mode)

Is it true that IPSec theory host to host (tunnel mode) does not work in practice? What are common mistakes in implementing IPsec?

Author

Commented:
Hi Nothing Changed,

Thanks.

We try not to use a firewall. This is because this network is a private WAN (there is no Internet connection). The external threat can be seen as negligible; we only have to worry about the internal threat (by applying physical security to ensure there is no internal intrusion). The HQ LAN connects to several regional LANs (geographically separated) via router and through MPLS (IP VPN).

If we use firewalls to implement IPSec, we have to install one firewall for each site, which may be costly (if there are 10 LANs (sites), we are going to install 10 of those firewalls).

The objective is to increase security by applying encryption and authentication to all traffic that runs through the WAN.

Can you also explain on SSH?

Author

Commented:
Hi Nothing Change,

Before I close the question, can you confirm my understanding:

1. Gateway to Gateway (using Firewall features) - Can be one of the best solutions for IPSec. However, for a closed network it is not cost effective.
2. Gateway to Gateway (using Router) - This is the best and most cost-effective solution for implementing IPSec
3a. Host to host (tunnel mode) - It is complicated and difficult to manage
3b. Host to host (transport mode) - It is complicated and difficult to manage

Use SSH or SSL for endpoint to endpoint encryption.

BTW, you have not answered this question:
Is it true that IPSec theory host to host (tunnel mode) does not work in practice?

Author

Commented:
Hi Nothing Change,

I want to close this question. Can you respond to my confirmation note?

Author

Commented:
Thanks a lot. I think I have enough explanation. I will close the question.