Centralized management/configuration systems

Unanswered Question
Aug 4th, 2007
User Badges:


Can i have a quick briefing on any carrier-class centralized management/configuration system, that automates the configuration process for MPLS L3, L2VPNs, VPLS, IPTV, VoIP, gaming ... etc

I read about the SCE but it doesn't seem to help on the MPLS VPN services, do i need the SCE plus an additional system like Cisco Works or is there an integrated solution for all that?

Thank you.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
umedryk Thu, 08/09/2007 - 12:45
User Badges:
  • Bronze, 100 points or more

Here is brief description on why VPN through NAT/PAT doesn't work and the pix ver 6.3 Q1-03 will have a fix for this NAT transparency (IETF UDP-based) In certain cases, NAT or Port Address Translation (PAT) may interfere with the VPN connection process. For example, a consultant working at a client company may need VPN access to the consultancy network through the client's Internet gateway. If, as with most private LANs, the client company gateway uses NAT or PAT at the firewall, the client will need a protocol that uses port numbers, such as TCP or UDP. IPsec does not use port numbers. The consultancy network administrator can configure the VPN concentrator to tell the consultant's PC to apply a UDP header between the IP encapsulation header and the Encryption Security Protocol (ESP) 50 header. (ESP is a set of IETF-standard encryption and packet authentication services per RFC 2406.) When packets leave the consultant's PC and pass through the client company firewall, NAT or PAT translates based on the new UDP header. The new UDP header is stripped at the VPN concentrator along with the IP encapsulation header and the ESP 50 header.


This Discussion