few questions about ipsec

Answered Question
Mar 20th, 2010

Hi everybody.

I have a few questions about IPsec.

According to my book, IPsec is not a single protocol but an architecture which consists of different protocols such as AH and ESP, to name a few.

These protocols are defined by different RFCs.

Q1) When we say a certain device supports IPsec, does it mean it supports all the protocols found in the IPsec architecture, or does it mean certain protocols, not all?

Q2) How can we determine what protocols of IPsec are supported by a certain device?

Thanks and have a wonderful weekend.


Overall Rating: 5 (3 ratings)
Correct Answer
Richard Burts Sat, 03/20/2010 - 20:42

Q1) In my experience a device that claims to support IPSec will support the broad range of protocols, including AH, ESP, ISAKMP, etc. It is certainly possible that there could be a device that claims that it supports IPSec and it supports ESP but not AH. While that is possible, it would be very unusual.

Q2) First I would examine any documentation available for the device and see what it says about what IPSec protocols are supported. And the real way to find it out is to get the device and try configuring various IPSec protocols to see which ones work and which ones, if any, give errors when you attempt to configure them.

HTH

Rick

Correct Answer
sean_evershed Sun, 03/21/2010 - 03:14

In answer to question 2 there are a few technologies you can use:

- Wireshark to sniff the packets being generated by the device.

- Check on your firewall what ports are being blocked for IPSEC traffic coming from the device.

- Netflow will also show what port numbers are being generated by the IPSEC device.
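
The capture-based approach from the answer above, as an added example that is not part of the original thread: a Python sketch that labels raw IPv4 packets (for instance, exported from a Wireshark capture) by the IPsec protocol they carry. The sample packets, addresses and helper names are constructed for illustration.

```python
import struct

# IANA-assigned numbers: IP protocol 50 = ESP, 51 = AH; UDP 500 = IKE/ISAKMP;
# UDP 4500 = IKE and UDP-encapsulated ESP when NAT traversal is in use (RFC 3948).
ESP, AH, UDP = 50, 51, 17

def classify(packet: bytes) -> str:
    """Label one raw IPv4 packet by the IPsec protocol it carries."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "other"
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto = packet[9]
    if proto in (ESP, AH):
        return "ESP" if proto == ESP else "AH"
    if proto != UDP or ihl < 20 or len(packet) < ihl + 8:
        return "other"
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    payload = packet[ihl + 8:]
    if 500 in (sport, dport):
        return "IKE"
    if 4500 in (sport, dport):
        if payload == b"\xff":            # one-byte NAT keepalive
            return "NAT-keepalive"
        # On port 4500 IKE starts with a 4-byte all-zero non-ESP marker;
        # anything else is ESP, whose SPI field is never zero.
        return "IKE" if payload[:4] == b"\x00" * 4 else "ESP-in-UDP"
    return "other"

def seen_protocols(packets):
    """Sorted set of IPsec protocols observed in a list of raw packets."""
    return sorted({classify(p) for p in packets} - {"other"})

def ipv4(proto, payload):
    # Constructed 20-byte header, documentation addresses 192.0.2.1 -> 192.0.2.2
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + payload

def udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

# Constructed sample traffic: IKE, IKE over NAT-T, ESP over NAT-T, native ESP, TCP
SAMPLES = [
    ipv4(UDP, udp(500, 500, b"\x11" * 28)),
    ipv4(UDP, udp(4500, 4500, b"\x00" * 4 + b"\x11" * 28)),
    ipv4(UDP, udp(4500, 4500, struct.pack("!II", 0x1234, 1) + b"\x22" * 16)),
    ipv4(ESP, struct.pack("!II", 0x1234, 1) + b"\x22" * 16),
    ipv4(6, b"\x00" * 20),
]

if __name__ == "__main__":
    print(seen_protocols(SAMPLES))
```

A capture only shows the protocols the device negotiated for that tunnel, so a protocol missing from the result (AH here) is not proof that the device lacks support for it.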

Correct Answer
Jennifer Halim Sun, 03/21/2010 - 03:34

If a device claims that it supports IPSEC, most probably (99%) it supports the whole architecture of IPSEC; otherwise, the VPN connection itself will not work.

In regards to your Q2, I haven't seen a device that only supports part of the IPSEC. It would either support IPSEC or not support IPSEC, not partly supporting it.

With Cisco devices, the following support IPSEC:

- Routers

- ASA/PIX firewall

- VPN-SPA on CAT6K

- VPN Concentrator

Here is a little bit of reading for your reference on Cisco VPN devices:

http://www.cisco.com/en/US/partner/prod/collateral/iosswrel/ps6537/ps6586/ps6635/ps7180/prod_brochure09186a00801f0a72_ns710_Networking_Solutions_Brochure.html

Hope it helps.
