
RE: Windows 2000 and Cisco router interoperability



IPSEC/IKE is said to be too complex. What chance have we got if we need to
run L2TP as well!
There is nothing really bad about Modeconfig. Xauth has its problems, but
there have been drafts to suggest alternatives - e.g. CRACK by Dan H.

Steve.

-----Original Message-----
From: Stephen Kent [mailto:kent@bbn.com]
Sent: Thursday, May 11, 2000 10:15 PM
To: CHINNA N.R. PELLACURU
Cc: ipsec@lists.tislabs.com
Subject: Re: Windows 2000 and Cisco router interoperability


At 2:54 PM -0700 5/10/00, CHINNA N.R. PELLACURU wrote:
>I can't speak for the whole of Cisco, but the way I look at it is:
>
>Modeconfig/Xauth are being supported as a quick hack to get something to
>work, and get something to customers, until there is a client that can do
>IPSec and L2TP.
>
>I believe that it is not our long term vision, to ship Modeconfig/Xauth. I
>believe that Cisco's long term goal is to follow whatever is standardized
>in the IPSRA WG, because that's what IPSRA WG is chartered to solve.
>

That's one view.

Another perspective is that L2TP over IPsec represents an effort by 
Microsoft & Cisco to preserve a joint development investment in L2TP, 
irrespective of its technical merit in this context :-). If I am 
sending non-IP packets, L2TP is appropriate, but if I am sending IP, 
then the extra headers introduced by L2TP are not only wasteful of 
bandwidth on a continuing basis, but they also interfere with the 
access controls that are an essential part of IPsec. One needs some 
means of dealing with bind time connection parameters, but use of 
L2TP on a continuing basis is an expensive means of achieving this 
goal.

Steve