few questions about ipsec

sarahr202
Level 5

Hi everybody.

I have a few questions about IPsec.

According to my book, IPsec is not a single protocol but an architecture which consists of different protocols such as AH and ESP, to name a few.

These protocols are defined by different RFCs.

Q1) When we say a certain device supports IPsec, does it mean it supports all the protocols found in the IPsec architecture, or does it mean certain protocols, not all?

Q2) How can we determine what protocols of IPsec are supported by a certain device?

Thanks and have a wonderful weekend.


Richard Burts
Hall of Fame

Q1) In my experience a device that claims to support IPSec will support the broad range of protocols, including AH, ESP, ISAKMP, etc. It is certainly possible that there could be a device that claims that it supports IPSec and it supports ESP but not AH. While that is possible, it would be very unusual.

Q2) First I would examine any documentation available for the device and see what it says about what IPSec protocols are supported. And the real way to find it out is to get the device and try configuring various IPSec protocols to see which ones work and which ones, if any, give errors when you attempt to configure them.

HTH

Rick


Thanks, Rick.

sean_evershed
Level 7

In answer to question 2, there are a few technologies you can use:

- Wireshark to sniff the packets being generated by the device.

- Check on your firewall what ports are being blocked for IPSEC traffic coming from the device.

- Netflow will also show what port numbers are being generated by the IPSEC device.
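
What a packet capture or flow export from the device lets you tally, as an added example that is not part of the original post: it labels raw IPv4 packets by the IPsec-family protocol they carry, using the standard assignments (IP protocol 50 for ESP, 51 for AH, UDP 500 for IKE/ISAKMP, UDP 4500 for NAT traversal). The function names and sample packets are constructed for illustration, and unfragmented IPv4 is assumed.

```python
import struct
from collections import Counter

ESP, AH, UDP = 50, 51, 17  # IANA IP protocol numbers

def classify(pkt: bytes) -> str:
    """Label one raw IPv4 packet by the IPsec-family protocol it carries."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (pkt[0] & 0x0F) * 4  # IPv4 header length in bytes
    proto = pkt[9]
    if proto in (ESP, AH):
        return "ESP" if proto == ESP else "AH"
    if proto != UDP or ihl < 20 or len(pkt) < ihl + 8:
        return "other"
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    payload = pkt[ihl + 8:]
    if 500 in (sport, dport):
        return "IKE/ISAKMP"
    if 4500 in (sport, dport):
        if payload == b"\xff":  # RFC 3948 one-byte NAT keepalive
            return "NAT-keepalive"
        # RFC 3948: four zero bytes (non-ESP marker) mean IKE, else ESP-in-UDP
        return "IKE/ISAKMP (NAT-T)" if payload[:4] == b"\x00" * 4 else "ESP-in-UDP"
    return "other"

def summarize(packets):
    """Count how many packets of each kind the device generated."""
    return Counter(classify(p) for p in packets)

def build_ipv4(proto, payload):
    """Build a constructed IPv4 packet (checksum left 0; sample data only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])) + payload

def build_udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

SAMPLE = [  # constructed packets using documentation addresses
    build_ipv4(UDP, build_udp(500, 500, b"\x11" * 28)),                       # IKE
    build_ipv4(ESP, b"\x00\x00\x10\x01" + b"\x00" * 16),                      # native ESP
    build_ipv4(UDP, build_udp(4500, 4500, b"\x00" * 4 + b"\x11" * 28)),       # IKE over NAT-T
    build_ipv4(UDP, build_udp(4500, 4500, b"\x00\x00\x10\x01" + b"\x22" * 16)),  # ESP in UDP
    build_ipv4(UDP, build_udp(53, 40000, b"x")),                              # unrelated UDP
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A device that never emits protocol 51 in such a tally has not been shown to lack AH; it may simply not be configured to use it.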

Thanks, Sean.

Jennifer Halim
Cisco Employee

If a device claims that it supports IPSEC, most probably (99%) it supports the whole architecture of IPSEC; otherwise, the VPN connection itself will not work.

In regards to your Q2, I haven't seen a device that only supports part of the IPSEC. It would either support IPSEC or not support IPSEC, not partly supporting it.

With Cisco devices, the following support IPSEC:

- Routers

- ASA/PIX firewall

- VPN-SPA on CAT6K

- VPN Concentrator

Here is a little bit of reading for your reference on Cisco VPN devices:

http://www.cisco.com/en/US/partner/prod/collateral/iosswrel/ps6537/ps6586/ps6635/ps7180/prod_brochure09186a00801f0a72_ns710_Networking_Solutions_Brochure.html

Hope it helps.

Thanks, halijenn.
