Number of IKE Tunnels and IPSec Tunnels

philbo30
      04-11-2007
The number of IPSec tunnels we have is always > the number of IKE
tunnels. In terms of the number of "IPSEC Tunnels" listed as supported
on a specific piece of equipment, is it fair to assume that we only
care about the number of IPSec tunnels?

Why is the number of IPSec tunnels greater? Wouldn't the number of
IKE tunnels and IPSec tunnels match?

Walter Roberson
      04-12-2007
philbo30 wrote:
>The number of IPSec tunnels we have is always > the number of IKE
>tunnels. In terms of the number of "IPSEC Tunnels" listed as supported
>on a specific piece of equipment, is it fair to assume that we only
>care about the number of IPSec tunnels?


I'd say, No, you care about IKE. I haven't noticed any equipment
rated for IPSec tunnels but not IKE tunnels (well, other than
some of my Linksys stuff.)


>Why is the number of IPSec tunnels greater? Wouldn't the number of
>IKE tunnels and IPSec tunnels match?


One IKE tunnel is needed between each pair of tunnel endpoints,
and that IKE tunnel is used to negotiate the security parameters
("Security Association") for all the IPSec tunnels that are created
for that pair. In turn, exactly one Security Association is needed for
each ACL entry (it's the way IPSec works.) You usually don't want
to be squeezed into conserving ACL entries: it isn't a good security
practice as it tends to promote accepting more packets over the
tunnels than is desired to be secured. Thus it is not typical to
limit the SA's (== IPSec tunnels), but it is meaningful to limit
the number of different gateways one can talk to (== IKE peers).
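
An added example (not part of the original thread) that applies the reply's accounting, one IKE tunnel per peer and one IPSec tunnel per ACL entry, to a constructed IOS-style config, and shows how many more destination addresses a single collapsed ACL entry would match. The config, peer addresses, ACL numbers and function names are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in IOS-style syntax; peers, ACL numbers and subnets are made up.
CONFIG = """\
crypto map VPN 10 ipsec-isakmp
 set peer 192.0.2.1
 match address 101
crypto map VPN 20 ipsec-isakmp
 set peer 192.0.2.2
 match address 102
access-list 101 permit ip 10.1.0.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 101 permit ip 10.1.0.0 0.0.0.255 10.2.2.0 0.0.0.255
access-list 101 permit ip 10.1.0.0 0.0.0.255 10.2.9.0 0.0.0.255
access-list 102 permit ip 10.1.0.0 0.0.0.255 10.3.0.0 0.0.0.255
"""

def parse(config):
    """Return {peer_ip: [(src_net, dst_net), ...]} from crypto map and ACL lines."""
    acls, peer_acl, peer = defaultdict(list), {}, None
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["set", "peer"]:
            peer = tok[2]
        elif tok[:2] == ["match", "address"]:
            peer_acl[peer] = tok[2]
        elif tok[:1] == ["access-list"] and tok[2:4] == ["permit", "ip"]:
            # ipaddress accepts Cisco wildcard (host) masks such as 0.0.0.255
            src = ipaddress.ip_network(f"{tok[4]}/{tok[5]}")
            dst = ipaddress.ip_network(f"{tok[6]}/{tok[7]}")
            acls[tok[1]].append((src, dst))
    return {p: acls[a] for p, a in peer_acl.items()}

def tunnel_counts(peers):
    """(IKE tunnels, IPSec tunnels): one per peer, one per ACL entry."""
    return len(peers), sum(len(entries) for entries in peers.values())

def exposure(entries):
    """Destination addresses matched by separate entries vs. one covering entry."""
    dsts = [dst for _, dst in entries]
    net = dsts[0]
    while not all(d.subnet_of(net) for d in dsts):
        net = net.supernet()  # widen until a single entry covers every destination
    return sum(d.num_addresses for d in dsts), net, net.num_addresses

if __name__ == "__main__":
    peers = parse(CONFIG)
    print("IKE tunnels, IPSec tunnels:", tunnel_counts(peers))
    narrow, net, wide = exposure(peers["192.0.2.1"])
    print(f"3 ACL entries match {narrow} addresses; one entry for {net} matches {wide}")
```
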