Re: [IPsec] Large Scale VPN

2012-01-03 Thread Praveen Sathyanarayan
I would like to re-iterate again. 1.) Juniper solution is not based on GRE. Juniper solution is based on pure IPSec in tunnel mode. It works very well. 2.) Juniper implementation has many proprietary messages to solve all scenarios. NHRP is required, but it is not complete. 3.) Authentication

Re: [IPsec] Large Scale VPN

2011-12-22 Thread Yoav Nir
Hן Mike On Dec 22, 2011, at 3:16 AM, Mike Sullenberger wrote: Everyone, I noticed that in the four vendor presentations in the P2P VPN - side meeting in TAIPEI that none of vendors chose to extend or augment IKE/IPsec to solve this class of problems. This is not to say that vendors haven't

Re: [IPsec] Large Scale VPN

2011-12-13 Thread Ulliott, Chris
Protective Marking: UNCLASSIFIED +1, looks good to me! Chris -Original Message- From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of Yoav Nir Sent: Monday, December 12, 2011 9:45 AM To: IPsecme WG Cc: Paul Hoffman Subject: Re: [IPsec] Large Scale VPN Hi all If we

Re: [IPsec] Large Scale VPN

2011-12-12 Thread Yoav Nir
Hi all If we want Paul and Yaron to take this to our AD, we need to show that there are more people who think these work items are a good idea. More people than just me and MCR. So please show your support (or objections!) soon. An I think this is a good idea, I think we should use ternary

Re: [IPsec] Large Scale VPN

2011-12-12 Thread Stephen Hanna
Yes, I definitely think this is a good idea. Thanks, Steve -Original Message- From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of Yoav Nir Sent: Monday, December 12, 2011 4:45 AM To: IPsecme WG Cc: Paul Hoffman Subject: Re: [IPsec] Large Scale VPN Hi all

Re: [IPsec] Large Scale VPN

2011-12-12 Thread david.black
+1, Thanks, --David -Original Message- From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of Stephen Hanna Sent: Monday, December 12, 2011 10:19 AM To: Yoav Nir; IPsecme WG Cc: Paul Hoffman Subject: Re: [IPsec] Large Scale VPN Yes, I definitely think

Re: [IPsec] Large Scale VPN

2011-12-12 Thread Mark Boltz
Of Stephen Hanna Sent: Monday, December 12, 2011 10:19 AM To: Yoav Nir; IPsecme WG Cc: Paul Hoffman Subject: Re: [IPsec] Large Scale VPN Yes, I definitely think this is a good idea. Thanks, Steve -Original Message- From: ipsec-boun...@ietf.org [mailto:ipsec-boun

Re: [IPsec] Large Scale VPN

2011-12-12 Thread Suresh Melam
-Original Message- From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of Stephen Hanna Sent: Monday, December 12, 2011 10:19 AM To: Yoav Nir; IPsecme WG Cc: Paul Hoffman Subject: Re: [IPsec] Large Scale VPN Yes, I definitely think this is a good idea

Re: [IPsec] Large Scale VPN

2011-12-12 Thread Michael Ko
As I indicated in the side meeting and mailing list discussions, I definitely support this going forward. Mike - Original Message - From: Yoav Nir To: IPsecme WG Cc: Paul Hoffman Sent: Monday, December 12, 2011 1:44 AM Subject: Re: [IPsec] Large Scale VPN Hi all If we want Paul

[IPsec] Large Scale VPN

2011-12-08 Thread Yoav Nir
Hi all. The discussion has died down a bit, so I thought I'd chime in with proposed charter text. What do people think of the following? The first paragraph is taken from Steve's email of 18-Nov. Yoav In an environment with many IPsec gateways and remote clients that share an established

Re: [IPsec] Large Scale VPN

2011-12-08 Thread Paul Hoffman
On Dec 8, 2011, at 1:55 AM, Yoav Nir wrote: In an environment with many IPsec gateways and remote clients that share an established trust infrastructure (in a single administrative domain or across multiple domains), customers want to get on-demand mesh IPsec capability for efficiency.

Re: [IPsec] Large Scale VPN

2011-12-08 Thread Yaron Sheffer
We as a group can commit to deliverable #1 and #3 (problem statement and standardized solution). But deliverable #2 (vendor protocols) is mostly out of our hands. So before we approve this charter, I would like to hear from people that represent vendors that they can commit to publish such a

Re: [IPsec] Large Scale VPN

2011-12-08 Thread Paul Hoffman
On Dec 8, 2011, at 10:14 AM, Yaron Sheffer wrote: We as a group can commit to deliverable #1 and #3 (problem statement and standardized solution). But deliverable #2 (vendor protocols) is mostly out of our hands. So before we approve this charter, I would like to hear from people that

Re: [IPsec] Large Scale VPN

2011-12-08 Thread Yoav Nir
On Dec 8, 2011, at 6:04 PM, Paul Hoffman wrote: On Dec 8, 2011, at 1:55 AM, Yoav Nir wrote: In an environment with many IPsec gateways and remote clients that share an established trust infrastructure (in a single administrative domain or across multiple domains), customers want to get

Re: [IPsec] Large Scale VPN

2011-12-08 Thread Yoav Nir
On Dec 8, 2011, at 8:14 PM, Yaron Sheffer wrote: We as a group can commit to deliverable #1 and #3 (problem statement and standardized solution). But deliverable #2 (vendor protocols) is mostly out of our hands. That's why I used review and help rather than write or produce. So before we

Re: [IPsec] Large Scale VPN

2011-12-08 Thread Paul Hoffman
On Dec 8, 2011, at 12:00 PM, Yoav Nir wrote: On Dec 8, 2011, at 6:04 PM, Paul Hoffman wrote: On Dec 8, 2011, at 1:55 AM, Yoav Nir wrote: In an environment with many IPsec gateways and remote clients that share an established trust infrastructure (in a single administrative domain or

Re: [IPsec] Large Scale VPN

2011-12-08 Thread Michael Richardson
I find the goals and schedule acceptable. Yoav == Yoav Nir y...@checkpoint.com writes: Yoav In an environment with many IPsec gateways and remote clients Yoav that share an established trust infrastructure (in a single Yoav administrative domain or across multiple domains),