[63807] in North American Network Operators' Group
Re: large-scale IPSEC tunnel deployment
daemon@ATHENA.MIT.EDU (Alex Yuriev)
Fri Oct 10 11:37:52 2003
Date: Fri, 10 Oct 2003 07:38:12 -0400 (EDT)
From: Alex Yuriev <alex@yuriev.com>
To: "Neil J. McRae" <neil@DOMINO.ORG>
Cc: nanog@merit.edu
In-Reply-To: <20031010092216.EEF694990@genesis.DOMINO.ORG>
Errors-To: owner-nanog-outgoing@merit.edu
> Orchestream has some of this functionality for setting the tunnels up,
> you can then use the corba interface to setup management with
> tools like SMARTS. The other problem is managing the keys, if you
> don't have a CA it will be painful if you need to change the keys. We
> have had some success with RSA's CA platform and IOS on this.
Since you are saying "some success" would you mind elaborating on what did
not work well with IOS?
Thanks,
Alex
