RE: free s/wan (really interoperability)

[Ben Nagy <bnagy () cpms com au>]

Stuff inline

> -----Original Message-----
> From: sean.kelly () lanston com [mailto:sean.kelly () lanston com]
> Sent: Wednesday, 6 October 1999 11:22 PM
> To: jsdy () cospo osis gov; dufresne () sysinfo com
> Cc: siglite () criticalstop com; firewall-wizards () nfr net
> Subject: RE: free s/wan (really interoperability)
>
>
> > From: Joseph S D Yao [mailto:jsdy () cospo osis gov]
> > Subject: Re: free s/wan (really interoperability)
> >
> >
> > Ron DuFresne had asked:
> > > Are there any VPN products that do not require the same 
> > setup on both ends
> > > to impliment?  (i.e. VPN products that are cross-compatible 
> > with other products out there)
> >
> > There is IPsec VPN server software out there that is sold without a
> > client - one is directed to several other companies that make IPsec
> > clients.  So it would seem that the answer, probably with 
> > some caveats, is, "yes."
>
> IPsec is rapidly gaining popularity. 3Com is about to release 
> a NIC that
> implements 3DES and IPsec in hardware 

Is this based on the new Intel chipset that was recently reported (among
millions of other places) on slashdot?

http://developer.intel.com/design/network/82559c.htm

If so, the card implements a few of the madated IPSec ciphers in hardware,
which helps offload processing from the OS IPSec engine. It doesn't actually
grok IPSec itself. This is not to say that it's not pretty cool.

-- it integrates with 
> Win2000's IPsec
> implementation which is supposed to be their new VPN solution 
> (if this is
> true I'll be overjoyed -- MS will be actually conforming to 
> an existing
> standard).

I don't know how well they conform, but IPSec is native in all the previews
of W2K that I have played with, and I have had it working in various test
setups. It's damn easy to use for LAN stuff, and seems to work OK with
Cisco's IPSec gear.

>  Cisco is doing IPsec, there are IPsec 
> implementations (clients
> at least) for FreeBSD, Linux, etc.  If they conform to the 
> standard, they
> should all be interoperable.  PGPNet also uses IPsec.  

And every person and their pet of choice. I thought I read somewhere about
some body that did IPSec interop testing and offered to certify people's
products? Can anyone remind me about this? Anyway, if so, you should be able
to get any product that conforms and be fairly confident.
 
> I think IPsec version
> 2 is in the works but it will be a while before apps are out 
> that use it.

News to me. What's busted in IPSec "1"?

> Sean

Cheers!

--
Ben Nagy
Network Consultant, CPM&S Group of Companies
PGP Key ID: 0x1A86E304  Mobile: +61 414 411 520