-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Content-Type: text/plain; charset=us-ascii
[EMAIL PROTECTED] said:
> Seems to me that interoperable simply means they can work together. It
> doesn't necesetate the fact that this means that the VPN's should be
> able to talk, or am I wrong ?
Please review the details on the certification program, available at:
http://www.icsalabs.com/html/communities/ipsec/index.shtml
In essence, with regard to interoperability, the program sets out to show that
a candidate product will interoperate with other certified products in various
required configuration states.
In this case, we tested the Netscreen 100 against (among others) the
Checkpoint VPN-1 on both the NT and Sun Solaris platforms, and found that that
all of the required configuration permutations would result in a tunnel being
established between the two products, and that useful traffic could be passed
between them. To be clear, this is a gateway-to-gateway tunnel, not "user-VPN"
as you put it.
Further, Version 1.0a of our criteria (the results in the link above are from
this version) does NOT consider 3DES encryption or certificate handling. This
will be covered in versions 1.0b and 1.1, respectively.
So yes, they work together, and the VPNs "can talk" as you put it.
One of the main reasons to go with a standards-based VPN technology like IPsec
is that it facilitates this type of interoperability.
Please refer to the lab notes for details on what we had to do to make these
products work together. Our lab notes are intended to supplement the vendor's
documentation, not to replace it, so "No Anomalies" or something similar
indicates that following the vendor's documentation should result in a
successful configuration.
Also, please pay particular attention to the version numbers and patch or
service pack levels involved, as we support no claims of interoperability for
other than the exact products we tested in the labs.
Hope this helps.....
AL
- --
+--------------------------------------------------------------------+
| Al Potter Manager, Network Security Labs |
| apotter at-yay icsa ot-day net ICSA Labs |
| (If the spambots learn piglatin...) |
| PGP Key: 0x58C95451 http://www.icsalabs.com |
| PGP Fingerprint: D3 1D BE 8C B5 DD 12 61 5A 4A 65 32 93 E5 D9 36 |
+--------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Exmh version 2.2 06/23/2000
iQCVAwUBO0HmxtuN3h5YyVRRAQKl/wP8CCQJ9kmEZQ2w/JKPIfXkB3wJsUKOOObc
MpHB6I6ab1Xmv6t1lxaJHp0afD3MqkeZUD8LuJB20PS2wRekoORHwmDk6GLPeBrI
jK8vFauTjkaH9pz5onC9aB5tR+N2QUYfob7zpF21nzesC9xXdR3sOAF4ZBS0jG9v
vPY3CInDf/U=
=XqON
-----END PGP SIGNATURE-----
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
