home
NEWS       BLOGS       FORUMS       NEWSLETTERS       RESEARCH       EVENTS       DIGITAL LIBRARY       CAREERS  
Network Computing Network Computing Powered by InformationWeek Business Technology Network

IMMERSE YOURSELF:

SOA

  |

Data Center

  |

802.11n

  |

Data Privacy

  |		 APO  |

Virtualization

  |

NAC

  |

Security

  |

Network Mgmt

  |

Enterprise Apps

  |

Storage & Servers

Security
F E A T U R E  
PGPvpn Keeps IPsec Simple

  February 4, 2002
  By Mike Fratto

  >> continued from previous page
How We Tested IPsec Clients

Printer Print Full Article
Printer Print This Page
Printer Download the PDF
E-Mail E-Mail This URL
We installed and tested each IPsec VPN client on Microsoft Windows 2000 Pro SP2. To interconnect the products, we used a Nortel Networks BayStack 450-24T switch, and we deployed Entrust Authority 6.0 with VPN Connector 5.0 to issue digital certificates. Funk Software's Steel-Belted Radius on Windows NT helped with user authentication. For our VPN gateways, we used a Cisco PIX running PIX OS 6.1, a Cisco 3005 Concentrator v.3.1 and a Nortel Contivity Extranet Switch 2600 v.3.60.45.

Test No. 1: The first test focused on how the IPsec clients created VPNs within each vendor's product line. We installed the clients on multiple machines and through each vendor's management console created and distributed policies to each client.

Test No. 2: In testing client-to-gateway interoperability, we used the local client configuration so we didn't have to wait for policy updates. However, all the configuration options available locally are also configurable centrally, so we suggest that during testing you use the local client configuration, then move to centrally configured polices.

We configured each VPN gateway and client with similar polices and tested with preshared secret IKE and certificates. We configured the policies to 3-DES/SHA-1 (Secure Hash Algorithm-1) or 3-DES/MD5 (Message Digest 5), Diffie-Hellman Group 2, no perfect forward secrecy and no antireplay. The IPsec policies were configured for tunnel-mode IPsec, 3-DES/SHA-1 or 3-DES/MD5. Each interoperability scenario used a host-to-VPN gateway, where we defined a Class C address space behind the VPN gateway.

Test No. 3: With Windows XP, we had to test interoperability a bit differently because Microsoft uses L2TP within IPsec for remote-access VPN connections. We used certificates generated by Microsoft's Certificate Server but configured the VPN gateways to support L2TP within IPsec, a configuration that would normally be supported anyway with XP. We did test (with some difficulty) Windows XP support for preshared secret as well.


   Page: 1 | 2 | 3 | 4 | 5 | 6 | Next Page





Ready to take that job and shove it?

Function:

Keyword(s):

State:
SPONSOR
RECENT JOB POSTINGS
CAREER NEWS
10 Search Engines You Don't Know About
Go beyond Google and get vertical. These specialized search sites will help you find the business information you need -- fast.

Yahoo Profits Fall 23%, Cuts 1,000 Jobs
Ari Balogh was named to the post of chief technology officer as the companys for a "realignment" of employees.

More articles from our career center










InformationWeek U.S. IT Salary Survey 2008
Salaries for business technology professionals are falling. Here's what you need to know in order to make good hiring decisions and personal career choices. Download Today
 
ROLLING RIGHT ALONG
Follow key Network Computing Reviews from conception to completion. This Week: Holistic APM.



Network Computing Reports Emerging Enterprise Podcast Series: Secrets to Success








TechSearch
Microsite of the Week


Powerful Information at Your Fingertips



InformationWeek Business Technology Network
InformationWeekInformationWeek 500InformationWeek 500 ConferenceInformationWeek AnalyticsInformationWeek CIO
InformationWeek EventsInformationWeek ReportsInformationWeek MagazinebMightyByte and SwitchDark Reading
Digital LibraryIntelligent EnterpriseInternet EvolutionNetwork ComputingNo Jitter
space
Techweb Events Network
InteropVoiceConWeb 2.0 ExpoWeb 2.0 SummitEnterprise 2.0 ConferenceMobile Business ExpoSoftware ConferenceCSI - Computer Security Institute
Black HatGTECEnergy CampMashup CampStartup Camp
space
Light Reading Communications Network
Light ReadingLight Reading EuropeUnstrungLight Reading's Cable Digital NewsConstantinopleInternet Evolution
Heavy ReadingLight Reading Live!Light Reading InsiderEthernet ExpoOptical ExpoTeleco TVTower Technology Summit
space
Financial Technology Network
Advanced TradingBank Systems & TechnologyInsurance & TechnologyWall Street & TechnologyAccelerating Wall StreetBank Systems & Technology Executive SummitBuyside Trading SummitInsurance & Technology Executive Summit
space
Microsoft Technology Network
MSDN MagazineTechNetThe Architecture Journal
space
App Infrastructure   |   Messaging & Collaboration   |   Network & Systems Mgmt   |   Network Infrastructure   |   Security  |   Storage & Servers   |   Wireless   |   Enterprise Apps
About Us  |  Contact Us  |  Site Map  |  Technology Marketing Solutions  |  Advertising Contacts  |   Briefing Centers
Copyright © 2008  United Business Media LLC  |  Privacy Statement  |  Terms of Service  |  Your California Privacy Rights