Bronze

few questions about ipsec

Hi everybody.

I have a few questions about IPsec.

According to my book, IPsec is not a single protocol but an architecture which consists of different protocols such as AH and ESP, to name a few.

These protocols are defined by different RFCs.

Q1) When we say a certain device supports IPsec, does it mean it supports all the protocols found in the IPsec architecture, or does it mean certain protocols, not all?

Q2) How can we determine which protocols of IPsec are supported by a certain device?

Thanks and have a wonderful weekend.

3 ACCEPTED SOLUTIONS

Hall of Fame Super Silver

Re: few questions about ipsec

Q1) In my experience a device that claims to support IPSec will support the broad range of protocols, including AH, ESP, ISAKMP, etc. It is certainly possible that there could be a device that claims that it supports IPSec and it supports ESP but not AH. While that is possible, it would be very unusual.

Q2) First I would examine any documentation available for the device and see what it says about what IPSec protocols are supported. And the real way to find it out is to get the device and try configuring various IPSec protocols to see which ones work and which ones, if any, give errors when you attempt to configure them.

HTH

Rick

Re: few questions about ipsec

In answer to question 2, there are a few technologies you can use:

- Wireshark to sniff the packets being generated by the device.

- Check on your firewall what ports are being blocked for IPSEC traffic coming from the device.

- Netflow will also show what port numbers are being generated by the IPSEC device.
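The packet-capture suggestion in the answer above can be sketched as follows; this is an added example, not part of the original thread. It labels IPv4 packets by IPsec component using the standard IANA assignments (IP protocol 50 for ESP, 51 for AH, UDP 500 for IKE, UDP 4500 for NAT traversal per RFC 3948), none of which are stated in the thread; the function names and sample packets are constructed for illustration.

```python
import socket
import struct
from collections import Counter

IP_PROTO = {50: "ESP", 51: "AH"}   # IANA IP protocol numbers
IKE_PORT, NATT_PORT = 500, 4500    # UDP ports: IKE and NAT traversal

def classify(pkt):
    """Name the IPsec component an IPv4 packet belongs to, or None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or (pkt[0] & 0x0F) < 5:
        return None                # truncated, not IPv4, or bad header length
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] in IP_PROTO:
        return IP_PROTO[pkt[9]]
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if pkt[9] != 17 or frag_offset or len(pkt) < ihl + 8:
        return None                # not UDP, or no UDP header in this packet
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    data = pkt[ihl + 8:]
    if NATT_PORT in (sport, dport):
        if data == b"\xff":
            return "NAT-T keepalive"
        if len(data) < 4:
            return None
        # Four zero bytes (non-ESP marker) precede IKE; otherwise it is an SPI.
        return "IKE over NAT-T" if data[:4] == b"\0" * 4 else "ESP in UDP"
    return "IKE" if IKE_PORT in (sport, dport) else None

def summarize(packets):
    """Count packets per IPsec component, ignoring unrelated traffic."""
    return Counter(label for label in map(classify, packets) if label)

def ipv4(proto, payload=b""):
    """Constructed sample packet: 20-byte header, checksum left at zero."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton("192.0.2.1"),
                       socket.inet_aton("198.51.100.1")) + payload

def udp(sport, dport, data=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

SAMPLE = [  # constructed packets, not taken from a real capture
    ipv4(17, udp(500, 500, b"\x11" * 28)),
    ipv4(17, udp(4500, 4500, b"\0" * 4 + b"\x11" * 28)),
    ipv4(17, udp(4500, 4500, b"\xc0\xff\xee\x01" + b"\0" * 16)),
    ipv4(50, b"\xc0\xff\xee\x01" + b"\0" * 16),
    ipv4(6, b"\0" * 20),
]

if __name__ == "__main__":
    print(dict(summarize(SAMPLE)))
```

A capture showing only ESP and IKE, with no AH, says what the device was configured to send during the capture, not the full set of protocols it supports.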

Cisco Employee

Re: few questions about ipsec

If a device claims that it supports IPSEC, most probably (99%), they support the whole architecture of IPSEC, otherwise, the VPN connection itself will not work.

In regards to your Q2, I haven't seen a device that only supports part of the IPSEC. It would either support IPSEC or not support IPSEC, not partly supporting it.

With Cisco devices, the following support IPSEC:

- Routers

- ASA/PIX firewall

- VPN-SPA on CAT6K

- VPN Concentrator

Here is a little bit of reading for your reference on Cisco VPN devices:

http://www.cisco.com/en/US/partner/prod/collateral/iosswrel/ps6537/ps6586/ps6635/ps7180/prod_brochure09186a00801f0a72_ns710_Networking_Solutions_Brochure.html

Hope it helps.

6 REPLIES

Bronze

Re: few questions about ipsec

thanks rick.


Bronze

Re: few questions about ipsec

thanks sean.


Bronze

Re: few questions about ipsec

thanks halijenn.
