IRE has known problems working with both Entrust and Netscape CAs; their only answer
seems to be "use Verisign".


-----Original Message-----
From:   Kent Hundley [SMTP:[EMAIL PROTECTED]]
Sent:   Thursday, June 17, 1999 4:39 PM
To:     mantis; firewalls
Subject:        RE: IPSEC VPN clients

Mantis,

I have tested the IRE client on both Windows 95 and NT using DES and
3DES to create IPSec tunnels to a Cisco router.  It works great, no real
problems and you can pretty much follow the IPSec configuration examples
for the router on the Cisco web site.  The client config is very
straight-forward, I didn't even need the configuration instructions.

I used a shared-secret and have not yet attempted to use a CA, but I
wouldn't anticipate any problems.

I have also configured a Linux box running FreeS/WAN 1.0 to communicate
with a Cisco router with no problems.  The only issue there is that
FreeS/WAN only supports 3DES.  The code includes support for DES, but
you have to hack it to enable it.

The one issue you will run into on the Cisco side is that you almost
need to know the IP addresses of the clients in advance so that you can
properly create the access-lists to determine what packets get
encrypted.  While this is easy in a lab setting, in the real world of
VPNs, you most likely will not know the IP addresses of the clients in
advance.

You can get around this by using the 'any' keyword in your
access-lists.  There might also be a way around it by using L2TP in
conjunction with IPSec, but I haven't gone down that road to test it
out.

HTH,
Kent

Kent Hundley
INS


------------------------------------------------------
Could someone please advise on IPSEC VPN Clients or point me in the
right direction.

I am implementing a large IPSEC VPN network and need to know how well
client software supports public / key private keys and compatibility of
this function with Cisco's Implementation of IPSEC.

I have asked Cisco for information on IRE and 3com for information on
TimeStep. Both vendors advised these were the preferred clients but
cannot get them to provide the information I need. Has anyone had
experience with IRE, TimeStep or NA's IPSEC Clients with Cisco's VPN
IPSEC environment???

thanks in advance.

Mantis.



-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
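The access-list trade-off Kent describes (client addresses known in advance versus the 'any' keyword), as an added example that is not part of the original thread. It is a simplified model of how an IOS extended `ip` access-list entry matches a packet; the ACL numbers and addresses are constructed for illustration.

```python
import ipaddress

# Constructed crypto access-lists (documentation addresses, made-up ACL numbers).
LAB_ACL = ["access-list 101 permit ip 192.168.10.0 0.0.0.255 host 203.0.113.25"]
ANY_ACL = ["access-list 102 permit ip 192.168.10.0 0.0.0.255 any"]

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def _parse_addr(tokens):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD'."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (_to_int(tokens[1]), 0), tokens[2:]
    return (_to_int(tokens[0]), _to_int(tokens[1])), tokens[2:]

def parse_acl(lines):
    """Parse 'access-list N permit|deny ip SRC DST' lines into tuples."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[3] != "ip":
            raise ValueError(f"unsupported entry: {line!r}")
        if tok[2] not in ("permit", "deny"):
            raise ValueError(f"unknown action in: {line!r}")
        src, rest = _parse_addr(tok[4:])
        dst, _ = _parse_addr(rest)
        entries.append((tok[2], src, dst))
    return entries

def _match(spec, addr):
    """Wildcard-mask match: bits set in the wildcard are 'don't care'."""
    base, wild = spec
    return (_to_int(addr) | wild) == (base | wild)

def selected_for_ipsec(acl, src, dst):
    """First matching entry wins; no match is an implicit deny (sent in clear)."""
    for action, s, d in acl:
        if _match(s, src) and _match(d, dst):
            return action == "permit"
    return False

if __name__ == "__main__":
    lab, anyacl = parse_acl(LAB_ACL), parse_acl(ANY_ACL)
    # Known lab client, a client at an unplanned address, an unrelated host.
    for dst in ("203.0.113.25", "198.51.100.77", "192.0.2.80"):
        print(dst, selected_for_ipsec(lab, "192.168.10.5", dst),
              selected_for_ipsec(anyacl, "192.168.10.5", dst))
```

The last row is the cost of 'any': every destination reached from the protected subnet is now selected for encryption, not only VPN clients.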