Re: large-scale IPSEC tunnel deployment

2003-10-10 Thread Neil J. McRae

> Hello,
> Does anyone have any experience with large scale production IPSEC
> tunnel deployment, where large scale is defined as over 100 net-to-net
> tunnels to different destination networks active at any time?
> If so, would such person(s) mind sharing any
> quirks/platforms/implementations for more or less automated topology
> testing/verification?

Orchestream has some of this functionality for setting the tunnels up;
you can then use the CORBA interface to set up management with
tools like SMARTS. The other problem is managing the keys: if you
don't have a CA, it will be painful if you need to change the keys. We
have had some success with RSA's CA platform and IOS on this.

Neil. 


Re: large-scale IPSEC tunnel deployment

2003-10-10 Thread Alex Yuriev

> Orchestream has some of this functionality for setting the tunnels up;
> you can then use the CORBA interface to set up management with
> tools like SMARTS. The other problem is managing the keys: if you
> don't have a CA, it will be painful if you need to change the keys. We
> have had some success with RSA's CA platform and IOS on this.

Since you are saying "some success", would you mind elaborating on what did
not work well with IOS?

Thanks,
Alex



large-scale IPSEC tunnel deployment

2003-10-09 Thread Alex Yuriev

Hello,  
Does anyone have any experience with large scale production IPSEC
tunnel deployment, where large scale is defined as over 100 net-to-net
tunnels to different destination networks active at any time?
If so, would such person(s) mind sharing any
quirks/platforms/implementations for more or less automated topology
testing/verification?

Thanks,
Alex