Path: utzoo!attcan!uunet!samsung!zaphod.mps.ohio-state.edu!ncar!boulder!daemon
From: smb@ulysses.att.com
Newsgroups: comp.dcom.sys.cisco
Subject: Re: ARP/Routers/Ethernet Encryption
Message-ID: <22295@boulder.Colorado.EDU>
Date: 15 Jun 90 20:27:34 GMT
Sender: daemon@boulder.Colorado.EDU
Lines: 8

Perhaps you should add a DESNC to the Cisco port, and let anyone talk
to it.  Then you could rely on the filtering capabilities of the
Cisco to control who got to the protected subnet.

The essence of the problem is that you're trying to use a level-2
encryption box but still talk through a level-3 unit, i.e., a
router.  The real solution is to find a level-3 encryptor, probably
something built in compliance with the SDNS specs.