02-06-2008 09:05 PM
Not sure if this should be posted in this forum but it seems to be the best fit. (If anyone has a better idea, I'll post there.)
We have a client communicating to us over a VPN using IPSEC GRE tunneling on a 1700+ series router. They will not use any other kind of router or implement any other security protocols or allow us to install any equipment on their site. Our requirements are that all messages across our internal LAN must be encrypted. If we use an IPSEC router, the messages will come out the back into our LAN in the clear.
Can anyone please tell me if there is a router / firewall or any kind of device that will do encryption translation from IPSEC on the WAN to SSL on the LAN? I say SSL because our crypto devices can support this and at least the messages will get there in some kind of encrypted state.
Any help really appreciated.
02-12-2008 03:15 PM
Usually the two sites involved will each have either a firewall or a router which does authentication and encryption on their respective sides. These devices take care of encryption only between themselves. If you need encryption beyond this to the internal LAN on their sides, you need to configure the end hosts to support and negotiate for this.
02-13-2008 09:37 AM
Yes, run "ssh" inside the IPSec tunnel. That will ensure all communications will be encrypted.
CCIE Security