IPsec VPN between US and China... Is it legal?

Unanswered Question
Sep 6th, 2007
User Badges:

Can anyone point me to some information that details the legalities of creating a site-site IPsec VPN between the US and China? I need to do this and am not sure if I will be breaking any laws.

Also, I will be creating the VPN between an ASA5520 (US Side) and a Netscreen 25 (China) and a Netscreen 5GT(China), are there any interoperability issues to look out for here?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
CHRIS KALETH Mon, 09/10/2007 - 06:07
User Badges:

I am looking for the same information. If you have found anything please let me know. Also, I need to find a Cisco vendor in China (Shanghai). Has anyone worked with one and any thoughts on how the process works and more importantly how long it takes to get the products (router, switches, IP phones, etc)

danail-petrov Tue, 09/11/2007 - 06:53
User Badges:

Hi there.

In your situation, i would try to see first if it works at all. Because China is popular with communism's charge manner, there everything is filtered (most of internet content actually.Some people says that ~80% of internet content is filtered (including google)).So, if the protocols with number 50,51 (ESP,AH) are NOT filtered, i believe it is legal and will work without violate any law rules. In communism everything which is not allowed is prohibited by "default" :-) So try to establish IPSec connection to any point outside China, and you will find out the answer :)

Otherwise just consult your lawyer.

Kind Regards,

Danail Petrov

peter.williams@... Tue, 09/11/2007 - 07:26
User Badges:

I have an ipsec site-to-site working in China (Shanghai) for 2 years now. Other than the 300ms delay it has been working. I did not have any problems with legalities at all, I just created it with the hardware that we bought in China.

rais Tue, 09/11/2007 - 07:30
User Badges:
  • Silver, 250 points or more

Apparently, the NetScreen 25 is already in China. Also, when it comes to economic ties, it should be allowed.


Danilo Dy Tue, 09/11/2007 - 08:19
User Badges:
  • Blue, 1500 points or more


There are some countries that US imposed not only economic embargo but also technology embargo.

Devices that run technological advancement like VPN may be available in some countries (i.e. China) but may not come with all VPN encryption level.

I have configured PIX to Netscreen IPSEC 3DES S2S VPN - in which Netscreen is located in ShangHai. Also IPSEC 3DES S2s VPN between two Netscreen devices (one in ShangHai). A word of advice at the Netscreen config, use Policy base not Route base.

Best way is to get a global vendor with outlet in China (if possible in the city where you want to use it).



CHRIS KALETH Tue, 09/11/2007 - 08:22
User Badges:

Can anyone suggest an ISP in Shanghai? What is involved with ordering this circuit and approximately how long does it take for the circuit to be installed? Any other suggestions for opening a Shanghai office would be appreciated (Cisco vendors, PRI circuits/equipment, etc)


This Discussion