FEATURE

IPSec VPNs: Take Us To the Pilot

September 20, 1999
RedCreek Communications Ravlin 7100
RedCreek Ravlin's claim to fame is speedy performance, but while its management has gotten better since the last time we tested it, many of our original complaints still have not been addressed. Configuring the Ravlins and the VPNs between them is a tedious process. We had to touch every configuration option on each Ravlin. The Ravlins support multiple security policies for VPNs; unfortunately, RedCreek supports only X.509 certificates issued by RedCreek. While this is adequate for small shops, managing more than just a handful would take up way too much time. Client support is decent on the desktop.

Although the Explorer-like interface in Ravlin Node Manager (RNM) appears to ease configuration, it's actually pretty time-consuming to configure VPNs. The problem arises because both sides of the VPN need to be configured identically for the VPN to negotiate correctly. We had to select the IKE parameters, the IPSec parameters, the source and destination networks for the VPN, and the shared secret between them. All of this has to be entered into each Ravlin participating in the VPN. Although we had only two Ravlins, we found ourselves constantly flipping between configuration windows to make sure the configurations were installed correctly. Add to this the danger of cutting yourself off from the remote side, which happened more than once, and the GUI management does nothing to ease the configuration burden. Both ADI and VPNet wisely leverage a basic strength of computers--figuring out predictable sequences and applying them. Now try to manage and configure 10 or more Ravlins with RNM and the difficulty grows. That's not to say RNM is all bad; it's just not well suited to large-scale VPNs.

The logging features for the Ravlin 7100 are decent. During initial configuration, VPNs were not becoming established, and we were able to determine why: We had mistakenly mismatched configurations. Logging for remote clients was a little weaker as the messages are fairly cryptic.

We also found that some of the messages are misleading. For example, when we were configuring RADIUS, we added the new network for the RADIUS server but could no longer access the Ravlin because of a profile mismatch. However, the logs only mentioned one side of the problem--we could see that the management station had failed the filter, but not which filter.

The Ravlins support only a single VPN between a pair of Ravlin units. If you want to have multiple security associations between Ravlin units--you might want to have VPNs with valuable data rekeying more often than VPNs with less valuable data--you will need more than one Ravlin at the remote site. But it's affordable: At $17,500 for a Ravlin 7100 and 1,000 clients, it earned our Best Value award.

Ravlin 7100, $7,500, RedCreek Communications, (888) 745-3900, (510) 745-3900; fax (510) 739-0058. www.redcreek.com


