Issues with Conventional IPSec VPNs

Certain issues arise when you try to achieve full IPSec cloud functionality:

  • The inherent nature of IPSec does not allow routing protocol updates to be routed through the IPSec tunnel, because IPSec doesn't encrypt IP multicast/broadcast packets. As a result, whenever there is a change in the topology at the hub or spokes, the other end of the IPSec tunnel cannot be dynamically notified of it.

  • Each time a network needs to be added to the list of IPSec participants, a new access list must be defined for user traffic encryption.

  • Because IPSec environments are essentially hub-and-spoke networks, the hub router's configuration can grow to the point where it becomes a management nightmare.

  • Many hosts' public IP addresses ...
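To make the first two bullets concrete, here is a small Python model of a hub router's IPsec traffic selectors (the "crypto access list"). It is an added example, not code from the book or from any vendor: addresses, function names and the string labels are constructed. It shows that a routing-protocol hello sent to a multicast group never matches a unicast-prefix selector, so it is never carried inside the tunnel, and that every additional spoke network means another selector entry on the hub.

```python
# Added example (not from the book): a model of a hub router's IPsec
# traffic selectors, showing why routing-protocol multicast never enters
# the tunnel and why the hub's selector list grows per spoke network.
# All addresses below are constructed sample values.
import ipaddress


def build_hub_selectors(hub_net, spoke_nets):
    """Return the hub's selector list: one (local, remote) permit entry per
    spoke network. Each participant network needs its own entry."""
    hub = ipaddress.ip_network(hub_net)
    return [(hub, ipaddress.ip_network(s)) for s in spoke_nets]


def add_spoke(selectors, hub_net, new_spoke_net):
    """Adding a network means extending the static list by hand; nothing
    about the new prefix is learned dynamically through the tunnel."""
    entry = (ipaddress.ip_network(hub_net), ipaddress.ip_network(new_spoke_net))
    return selectors + [entry]


def selects(selectors, src, dst):
    """True if src->dst matches a selector and would be encrypted."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in local and d in remote for local, remote in selectors)


def classify(selectors, src, dst):
    """Describe what happens to a packet leaving the hub's tunnel interface."""
    d = ipaddress.ip_address(dst)
    if selects(selectors, src, dst):
        return "encrypted"
    if d.is_multicast:
        # Selectors are unicast prefixes; an OSPF/EIGRP/RIP hello addressed
        # to a multicast group never matches, so topology changes are not
        # propagated over the IPsec tunnel (the first bullet above).
        return "bypass: multicast (not carried by IPsec)"
    return "bypass: no selector"


if __name__ == "__main__":
    hub = "10.0.0.0/24"
    sels = build_hub_selectors(hub, ["10.1.0.0/24", "10.2.0.0/24"])
    sels = add_spoke(sels, hub, "10.3.0.0/24")  # third spoke: third entry
    print(len(sels), "selector entries on the hub for 3 spokes")
    print(classify(sels, "10.0.0.1", "10.3.0.7"))   # encrypted
    print(classify(sels, "10.0.0.1", "224.0.0.5"))  # OSPF hello: bypass
```

The `classify` result for the OSPF AllSPFRouters address is the failure mode the text describes: the packet is not encrypted, so the far end of the tunnel never sees the routing update. The linear growth of `sels` with each `add_spoke` call is the management burden described in the second and third bullets.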

Get CCIE Practical Studies: Security (CCIE Self-Study) now with the O’Reilly learning platform.