
RE: IPSEC tunnels for LAN-to-LAN interop issue



Stephen,

Keep in mind that many applications have no need for multiple tunnels
between the same pair of security gateways.  Given high speed crypto,
a good argument can be made that the whole notion is overkill -- just
protect all traffic with strong crypto.  Standard examples of multiple 
tunnels show "important" traffic protected with 3DES and "unimportant" 
protected with 1DES, but why do that if you can do them both at wire
speed, as you can with hardware assist?

Apart from that, the virtual interfaces we're talking about live above 
the tunnels, and correspond to the entire connectivity (over the
entire set of tunnels) to a particular remote security gateway.  Thus
they are a direct analog of a point to point connection.

	paul

