however, it is my understanding that IPSec will require 3des. so, while i can have quasi-encrypted config access, i can't use the new and improved VPN technology without 3des.
hmmm, I think you can still run ipsec tunnels with des only. But still the argument counts that you are not using the latest encryption technology.
imagine my "suprise" (none really) when i got onsite and discovered a number of ciscos installed by competitors. (we eventually lost the contract, and i'll note that the current supplier is using an all cisco network, inside and outside the "restricted" country.
i wonder if uunet/teleglobe/cable-and-wireless have gotten special permission to run 3des capable routers on their networks. i'm sure that all three are supplying network services to countries not on that list.
very good question. My interpretation of the licence agreement is that they can do so in the "listed" countries *only* but not in the rest. In general this is a very sensitive point. People lost their accounts with cisco when they applied for the software without their companies knowing about that. I still don't understand though how others (some unix os for example) ship 3des with public domain software. -- theo