Changes in setup/configuration for VPN and IPSec??

VPN network:
- The additional VPN related setup/configuration is required only at
the entry/exit point of the network i.e. routers. No changes are
necessary on other machines/systems in that network.

IPSec network:
- Each machine/system in the network will need to have the
additional
IPSec related setup/configuration.


Is that correct? Which one is preferred over the other, and in what
scenarios?

Re: Changes in setup/configuration for VPN and IPSec??

In article <1177577935.520327.21150@s33g2000prh.googlegroups.com>,
wrote:
>VPN network:
> - The additional VPN related setup/configuration is required only at
>the entry/exit point of the network i.e. routers. No changes are
>necessary on other machines/systems in that network.

>IPSec network:
> - Each machine/system in the network will need to have the
>additional
>IPSec related setup/configuration.

>Is that correct?

No. IPSec has two modes, point to point and network to network.
The (quite common) network to network mode is the same
as what you describe under "VPN Network".

"VPN" is a generic word to describe Virtual Private Networks
no matter how implemented. IPSec is one possible implementation.
Others include PPTP, GRE, and MLPS (amongst others.)

>Which one is preferred over the other, and in what
>scenarios?

Point to Point: the user can only reach the security endpoint
(e.g., a single server) unless that server allows the user's
traffic to be forwarded on. Good, for example, for allowing
vendors to check your currently open Request For Proposals
without allowing them to get at anything else.

Network to Network: it isn't uncommon for telecommuters to
require access to several internal machines