Re: [IPsec] your example (like Gap) about IPSec VPN gateway deployed in shopping mall not aware of where the controller is.

2017-09-13 Thread Mike Sullenberger (mls)
Linda, If you want to securely encrypt traffic between endpoints then you are going to need to build point-point encrypted tunnels between these endpoints; this is the main reason that SD-WAN implementations use either a full-mesh or dynamic-mesh of point-point tunnels. If you rely on a

Re: [IPsec] DMVPN thoughts

2013-11-26 Thread Mike Sullenberger (mls)
Timo, Comments Inline. Mike. Mike Sullenberger, DSE m...@cisco.com    .:|:.:|:. Customer Advocacy  CISCO -Original Message- From: Timo Teräs [mailto:timo.te...@gmail.com] On Behalf Of Timo Teras Sent: Monday, November 25, 2013 10:30 PM To: Mike Sullenberger (mls

Re: [IPsec] DMVPN thoughts

2013-11-25 Thread Mike Sullenberger (mls)
Timo, Thank you very much for your comments. I had not realized that anyone had tried to implement our additions to NHRP, it is nice to hear that it wasn't too hard to do. I have a couple of comments, inline. Mike. Mike Sullenberger, DSE m...@cisco.com    .:|:.:|:. Customer Advocacy  

Re: [IPsec] AD VPN: discussion kick off

2013-11-05 Thread Mike Sullenberger (mls)
] Mike Sullenberger, DSE m...@cisco.com.:|:.:|:. Customer Advocacy CISCO From: Stephen Kent [mailto:k...@bbn.com] Sent: Monday, November 04, 2013 1:57 PM To: Mike Sullenberger (mls); Michael Richardson Cc: Stephen Lynn (stlynn); draft-detienne-dm...@tools.ietf.org; Mark

Re: [IPsec] AD VPN: discussion kick off

2013-11-04 Thread Mike Sullenberger (mls)
Michael, I would say that DMVPN is much more than a brilliant hack. Of the three proposals it is the only one that uses layering to create a real VPN with emphasis on network. The other two proposals are just adding some dynamic functionality onto a collection of tunnels, but don't actually

Re: [IPsec] Some comments on draft-detienne-dmvpn-00

2013-10-28 Thread Mike Sullenberger (mls)
Lou, Thanks, again answer inline :-). Mike. Mike Sullenberger, DSE m...@cisco.com    .:|:.:|:. Customer Advocacy  CISCO -Original Message- From: Lou Berger [mailto:lber...@labn.net] Sent: Thursday, October 24, 2013 8:57 AM To: Mike Sullenberger (mls) Cc: IPsecme

Re: [IPsec] Some comments on draft-detienne-dmvpn-00

2013-10-23 Thread Mike Sullenberger (mls)
Lou, Thank you for your comments, more inline. Mike. Mike Sullenberger, DSE m...@cisco.com    .:|:.:|:. Customer Advocacy  CISCO -Original Message- From: Lou Berger [mailto:lber...@labn.net] Sent: Friday, October 18, 2013 3:29 PM To:

Re: [IPsec] I-D Action: draft-ietf-ipsecme-ikev2-fragmentation-03.txt

2013-10-17 Thread Mike Sullenberger (mls)
As I remember it IPv4 has a minimum packet size of 576 that won't (or at least shouldn't be) fragmented by IP. Mike. Mike Sullenberger, DSE m...@cisco.com    .:|:.:|:. Customer Advocacy  CISCO -Original Message- From: ipsec-boun...@ietf.org

Re: [IPsec] I-D Action: draft-ietf-ipsecme-ikev2-fragmentation-03.txt

2013-10-17 Thread Mike Sullenberger (mls)
CISCO -Original Message- From: Yoav Nir [mailto:y...@checkpoint.com] Sent: Thursday, October 17, 2013 12:09 PM To: Mike Sullenberger (mls) Cc: Valery Smyslov; ipsec@ietf.org; Paul Wouters Subject: Re: [IPsec] I-D Action: draft-ietf-ipsecme-ikev2-fragmentation-03.txt Yes