I would also add that when considering the RFC you would want to be familiar with call admission control and key protection mechanism's like encrypting keys locally using AES encryption. Based on what I read neither of these are mentioned in the RFC but just a thought.
Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Technical Instructor - IPexpert, Inc. Mailto: <mailto:[email protected]> [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: <http://www.ipexpert.com/chat> www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at <http://www.ipexpert.com/communities> www.ipexpert.com/communities and our public website at <http://www.ipexpert.com/> www.ipexpert.com From: [email protected] [mailto:[email protected]] On Behalf Of Brandon Carroll Sent: Monday, May 17, 2010 3:07 AM To: Kingsley Charles Cc: [email protected] Subject: Re: [OSL | CCIE_Security] rfc 2401 anti-spoofing Kingsley, I've had this email open for the last 2 days and have planned on responding but wanted to do a little more research on it. As far as I know on possible solution to the rfc filtering would be uRPF. This RFC is also mentioned in this document on DF bit override so that could factor in as well. http://www.cisco.com/en/US/docs/ios/12_2t/12_2t2/feature/guide/ftdfipsc.html Regards, Brandon Carroll - CCIE #23837 Senior Technical Instructor - IPexpert Mailto: [email protected] Telephone: +1.810.326.1444 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com Platinum Solutions Group (PSG) provides high-end consulting services with a primary emphasis on Cisco's Data Center Solutions, Service Provider Solutions, Unified Communications and Security-enabled infrastructures. Be sure to visit www.platinumsolutionsgroup.com <http://www.platinumsolutionsgroup.com/> . On May 15, 2010, at 4:36 PM, Kingsley Charles wrote: Hi all The CCIE lab checklist has mentioned RFC 2401 anti-spoofing. RFC 2401 is about securing IP using ipsec. Can someone please share you thoughts on RFC 2401 anti-spoofing techniques with respect to lab. RFC 2401 snippet from the RFC - "This memo specifies the base architecture for IPsec compliant systems" With regards Kings _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
