
CCIE Practical Studies: Security (CCIE Self-Study) by Raymond Morrow, Andrew G. Mason, Dmitry Bokotey


Issues with Conventional IPSec VPNs

Certain issues arise when you try to achieve full IPSec cloud functionality:

  • By its nature, IPSec does not let routing protocol updates pass through the IPSec tunnel, because IPSec doesn't encrypt IP multicast/broadcast packets. As a result, whenever the topology changes at the hub or spokes, the other end of the IPSec tunnel cannot be dynamically notified of it.

  • Each time a network needs to be added to the list of IPSec participants, a new access list must be defined for user traffic encryption.

  • Because IPSec environments are essentially hub-and-spoke networks, the hub router's configuration can grow to the point where it becomes a management nightmare.

  • Many hosts' public IP addresses ...
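
The first three issues above, as an added example that is not from the book: a Python script that renders a hub's static crypto-map configuration from a constructed spoke inventory, reports what must be added on the hub when a network or spoke is added, and checks whether a packet would be selected by the crypto access lists. The addresses, the map name HUBMAP, the transform-set name TS and the ACL numbering from 101 are assumptions.

```python
import ipaddress
from collections import Counter

HUB_LANS = ["10.0.0.0/24"]  # constructed hub-side network
# Constructed inventory: spoke name -> (public peer address, LANs behind it)
SPOKES = {
    "spoke1": ("198.51.100.1", ["10.1.1.0/24"]),
    "spoke2": ("198.51.100.2", ["10.1.2.0/24"]),
}

def acl_entry(acl, src, dst):
    """One extended-ACL line selecting src -> dst traffic for encryption."""
    s, d = ipaddress.ip_network(src), ipaddress.ip_network(dst)
    return (f"access-list {acl} permit ip {s.network_address} {s.hostmask} "
            f"{d.network_address} {d.hostmask}")

def hub_config(spokes, hub_lans=HUB_LANS):
    """The hub needs one crypto ACL and one crypto-map entry per spoke."""
    lines = []
    for i, (_name, (peer, lans)) in enumerate(sorted(spokes.items())):
        acl, seq = 101 + i, 10 * (i + 1)  # assumed numbering scheme
        lines += [acl_entry(acl, h, l) for h in hub_lans for l in lans]
        lines += [f"crypto map HUBMAP {seq} ipsec-isakmp", f" set peer {peer}",
                  " set transform-set TS", f" match address {acl}"]
    return lines

def hub_delta(before, after):
    """Lines that must be added on the hub to go from `before` to `after`."""
    diff = Counter(hub_config(after)) - Counter(hub_config(before))
    return list(diff.elements())

def selected_for_encryption(spokes, src, dst, hub_lans=HUB_LANS):
    """True if a packet src -> dst matches any crypto ACL entry on the hub."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in ipaddress.ip_network(h) and d in ipaddress.ip_network(l)
               for _, lans in spokes.values() for h in hub_lans for l in lans)

if __name__ == "__main__":
    print("\n".join(hub_config(SPOKES)))
    grown = dict(SPOKES, spoke1=("198.51.100.1", ["10.1.1.0/24", "10.1.9.0/24"]))
    print("new network on spoke1 ->", hub_delta(SPOKES, grown))
    # Unicast LAN-to-LAN traffic is selected; an OSPF hello to 224.0.0.5 is not.
    print(selected_for_encryption(SPOKES, "10.0.0.1", "10.1.1.5"))
    print(selected_for_encryption(SPOKES, "10.0.0.1", "224.0.0.5"))
```

Every new spoke costs the hub a crypto-map entry plus one ACL line per network pair, and a routing hello sent to a multicast group matches none of those unicast entries.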
