
IKE autoresponder update to freecerts.entrust.com



Yet another IKE autoresponder is up and running at vpncerts.entrust.com
or, for the DNS-challenged, 204.101.128.44 port 500.  It has a cert issued
by the same CA as freecerts.entrust.com will give you.

Here is what you can do:

Do IKE negotiations with all kinds of cert options such as:
 certificate request payload with types of: X.509 Signature, X.509
PKCS#7 wrapped, and CRL.
 certificate payload types of X.509, X.509 PKCS#7, and CRL.
 the entity's cert contains a subjectAltName with ip=204.101.128.44,
dns=vpncerts.entrust.com, email=greg.carter@entrust.com

The ID used in the ID payload is X.509 DN.  If people would prefer IP
Address let me know.

It has an RSA key so the only auth type that will work is RSA Signature.
DES, 3DES, and CAST-128 are supported for IKE encryption, MD5 or SHA1
for IKE hashes, and either group one or group two for DH.

There is NO ESP or AH capability at this address, however you can
negotiate an IPSEC SA.  For now it will only negotiate ESP, DES-CBC,
MD5, TUNNEL MODE, with PFS with group 2.  Any other proposal will
probably fail.  

There is no web page to configure it and no way to observe the results
other than what your own end tells you.

As well, LDAP should be available at 204.101.128.41 port 389 for those
looking for CRLs etc.

If there are any problems email me.

Bye.

----
Greg Carter, Entrust Technologies
greg.carter@entrust.com
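
The certificate request and certificate payload types named in the message are carried as a one-byte encoding value inside ISAKMP payloads (RFC 2408). As an added example, not part of the original message and not Entrust's code, the Python below builds and strictly parses a chain of such payloads; the function names and the sample bytes are constructed for illustration.

```python
import struct

# Certificate encoding values (RFC 2408, section 3.9) for the types the message lists.
CERT_ENCODINGS = {1: "PKCS#7 wrapped X.509", 4: "X.509 Signature", 7: "CRL"}
PAYLOAD_CERT, PAYLOAD_CERTREQ = 6, 7  # ISAKMP payload type numbers (RFC 2408)


def build_payload(next_payload, encoding, data=b""):
    """Generic header (next payload, reserved, length) + encoding byte + data."""
    return struct.pack("!BBHB", next_payload, 0, 5 + len(data), encoding) + data


def parse_cert_chain(buf, first_type):
    """Walk chained CERT / CERTREQ payloads.

    Returns a list of (payload_type, encoding_name, data) and rejects any
    length field that would read outside the buffer.
    """
    out, ptype, off = [], first_type, 0
    while ptype != 0:  # next-payload value 0 ends the chain
        if ptype not in (PAYLOAD_CERT, PAYLOAD_CERTREQ):
            raise ValueError(f"unexpected payload type {ptype}")
        if len(buf) - off < 4:
            raise ValueError("truncated generic header")
        nxt, _reserved, length = struct.unpack_from("!BBH", buf, off)
        # Length covers the 4-byte header plus at least the encoding byte.
        if length < 5 or off + length > len(buf):
            raise ValueError("payload length out of bounds")
        enc = buf[off + 4]
        name = CERT_ENCODINGS.get(enc, f"other ({enc})")
        out.append((ptype, name, buf[off + 5:off + length]))
        ptype, off = nxt, off + length
    return out


# Constructed sample: three chained certificate request payloads, one per
# type named in the message. The CA name bytes are a placeholder, not real DER.
SAMPLE = (
    build_payload(PAYLOAD_CERTREQ, 4)
    + build_payload(PAYLOAD_CERTREQ, 1, b"constructed-CA-DN")
    + build_payload(0, 7)
)

if __name__ == "__main__":
    for ptype, name, data in parse_cert_chain(SAMPLE, PAYLOAD_CERTREQ):
        print(ptype, name, data)
```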