You're welcome.Re your follow

cbruce · ‎04-25-2014

Will these be replaced by IPv6 native end to end security?

Marvin Rhoads · ‎04-25-2014

IPv6 has built-in support for IPsec. It's doesn't magically decide what and how to encrypt everything though. That is still the job of the security engineer / firewall admin etc.

Whether we use IPsec over IPv4 or IPsec natively within IPv6, there's still a place for VPNs.

Even if the answer was "yes, eventually" that date would require every one of your peers to be reachable via IPv6 (and be ready to update their configurations). While adoption has been picking up lately, that day of ubiquitous IPv6 reachability is still a ways off for most of us.

cbruce · ‎04-25-2014

Marvin, much obliged. Standing by for other opinions. BTW, '.....still a ways off' would you guestimate that period of time being less or more than 5 years? ;)

Marvin Rhoads · ‎04-25-2014

You're welcome.

Re your follow up question: Like any good engineer when asked about futures, my answer is "it depends".

If they're all various companies in the US and abroad then I'd give less than even odds for all of your hundreds of partners being IPv6 ready and willing within 5 years. I'd come down more on the 5+ year range. That's just my personal opinion though.

If you're based in Europe or Asia and they're mostly all remote offices of your company then the answer would be it's up to you (working with your ISPs) but could happen real soon if it isn't already underway.

I work for a company that has hundreds of IPv4 site to site vpns terminating on an ASA5520. IPv6 impact?