My client is planning to connect two private networks over the Internet using a VPN (hardware-based devices). They also want to use PGP software to provide additional data encryption during data transfer between the two systems. I don't believe it's necessary, from either a cost or performance perspective, but they're insistent on implementing PGP as well as the VPN. What can I tell them to make them see that this is an unnecessary use of their resources?
PGP is going to give them some level of encryption (although PGP is not that good) from their PC to the router. Then their PGP packet will get hardware encrypted, which, if set up properly and using 3DES, is as secure as it gets. On the other side, the router that decrypts the packet will put the PGP packet back on that network to be decrypted by the end client. So it must be those two local LANs that they are concerned about. Of course, they could implement the Cisco VPN client from their desktop to the end router, but then the packet would just be clear text on the remote LAN. Can anyone think of any other scenario where PGP might still be useful over a site-to-site VPN solution?
While VPN tunneling is EXTREMELY insecure, VPN encryption is very secure, especially if it uses Blowfish. I believe you are correct when saying the only time PGP encryption would be needed is if they are worried about interception on the destined private LAN. Never can one be too secure.