When you are using firewalls doing VPNs, you are troubleshooting three
basic areas: the encryption piece, the ACL piece and the routing piece.
Any one of these can hose you, so you need tools to troubleshoot each of
them.  A fourth piece could be translation, but I would skip this until the
VPN is working well.

As far as tools go, the most important in my mind is the ability to sniff
traffic on the wire around the two VPN connection points.  You need to be
able to do this on each side of a gateway to see if traffic is passing
correctly and also if it has been encrypted/decrypted as you expected.  This
can be done with tcpdump or snoop on *nix boxes, but if it's NT, you need
something external, something that will allow you to see what packets are
traversing as well as view the layers of the packets.  This is crucial in
successful VPN testing, since it helps troubleshoot each piece in one tool.
You will also need the basic troubleshooting tools to generate traffic and
test connectivity: ping, telnet and any other app that you are trying to
pass.

There are several ways to set up VPNs, so documentation is crucial.  You
won't be able to remember if it worked with DES and MD5 with pre-shared
passwords, but not 3DES and SHA1 with an external certificate server after a
couple times of testing.  Unless you are intimately familiar with the
different configurations, I would recommend building procedures/checklists
utilizing each of the technologies in which a product offers connection.
This will obviously be smaller if you are doing multi-vendor
interoperability testing, but if you are using say FW-1 to FW-1 VPNs, there
are several possible scenarios.


Hope this helps,

Jarrett

-----Original Message-----
From: Krishnan Narayanan [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 06, 2000 1:57 AM
To: '[EMAIL PROTECTED]'
Subject: Off topic --- VPN testing methodologies



Hi,

I would be testing various VPN solutions, viz.
Cisco, Checkpoint, Nortel (anything else?).

I would appreciate inputs on

1) How does one test? i.e. methodology: a design and a
schematic procedure for testing in various scenarios
considering different options.

2) What does one measure for evaluating the product/technology?

3) Tools required: e.g. IOS with IPplus, Real secure, etc.



Thanks in advance.

K.Narayanan.

___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
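
The reply above recommends sniffing on each side of a gateway to confirm that traffic passes and is encrypted as expected. The following is an added example, not part of the original thread: it classifies constructed `tcpdump -n` text output from the inside and outside interfaces and maps the result onto the encryption, ACL and routing areas. The addresses, networks and function names are assumptions made for illustration.

```python
import ipaddress
import re
# Constructed `tcpdump -n` text lines (sample data, not from the original post).
# Assumed: 10.1.1.0/24 and 10.2.2.0/24 are protected; 192.0.2.1 and 198.51.100.1 are gateways.
INSIDE = """\
12:00:01.000100 IP 10.1.1.5 > 10.2.2.9: ICMP echo request, id 1, seq 1, length 64
12:00:02.000100 IP 10.1.1.5 > 10.2.2.9: ICMP echo request, id 1, seq 2, length 64
"""
OUTSIDE_GOOD = """\
12:00:00.900000 IP 192.0.2.1.500 > 198.51.100.1.500: isakmp: phase 1 I ident
12:00:01.000300 IP 192.0.2.1 > 198.51.100.1: ESP(spi=0x0a0b0c0d,seq=0x1), length 116
12:00:02.000300 IP 192.0.2.1 > 198.51.100.1: ESP(spi=0x0a0b0c0d,seq=0x2), length 116
"""
OUTSIDE_LEAK = """\
12:00:01.000300 IP 10.1.1.5 > 10.2.2.9: ICMP echo request, id 1, seq 1, length 64
"""
PROTECTED = ["10.1.1.0/24", "10.2.2.0/24"]
LINE = re.compile(r"^\S+ IP (\S+) > (\S+): (.*)$")

def classify(capture, protected=PROTECTED):
    """Count ESP, IKE and cleartext protected-network packets in one capture."""
    nets = [ipaddress.ip_network(n) for n in protected]
    counts = {"esp": 0, "ike": 0, "clear": 0}
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        # tcpdump prints addr.port for TCP/UDP; keep the four address octets only.
        addrs = [ipaddress.ip_address(".".join(e.split(".")[:4])) for e in m.group(1, 2)]
        if m.group(3).startswith("ESP("):
            counts["esp"] += 1
        elif m.group(3).startswith("isakmp"):
            counts["ike"] += 1
        elif any(a in n for a in addrs for n in nets):
            counts["clear"] += 1
    return counts

def diagnose(inside, outside):
    """Turn the two captures into a hint about which area to look at first."""
    i, o = classify(inside), classify(outside)
    if o["clear"]:
        return "cleartext on outside: check ACL / encryption rules"
    if i["clear"] and not o["esp"]:
        area = "tunnel negotiation" if o["ike"] else "routing to the gateway"
        return "no ESP on outside: check " + area
    return "ok" if o["esp"] else "no test traffic seen"

if __name__ == "__main__":
    print(diagnose(INSIDE, OUTSIDE_GOOD), "|", diagnose(INSIDE, OUTSIDE_LEAK))
```

The parser handles IPv4 lines only, and the returned strings are starting points for troubleshooting rather than a definitive diagnosis.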