On Jun 23, 2006, at 2:02 PM, Bora Akyol wrote:
If your IPSEC is being done in hardware and you have appropriate QoS mechanisms in your network, you will probably not be able to pass your best effort traffic but the rest should be OK.
Unless the DoS is within the IPSEC tunnel and crowds out the good traffic. ;> Your original post seemed to imply that IPSEC is an anti-DoS mechanism, as does the statement 'If you pay attention to detail, it does help.' IPSEC is not an anti-DoS mechanism at all, it's important to be clear about that. ---------------------------------------------------------------------- Roland Dobbins <rdobbins@cisco.com> // 408.527.6376 voice Everything has been said. But nobody listens. -- Roger Shattuck