
RE: Windows 2000 and Cisco router interoperability



What does this mean for secure remote access?

The 'standard' IPSEC approach is to use an ESP tunnel to connect the client
to a security GW on the edge of the corporate network.

If tunnel mode isn't supported in the client then this isn't possible, as
transport mode will only get you to the GW.

Unless...  Windows is relying on a transport mode ESP with L2TP tunneling to
provide the secure pipe(?).  Wouldn't this cause interoperability issues
between Win2k professional and third party IPSEC security gateways?

Chris

> -----Original Message-----
> From: Mike Carney [mailto:carney@securecomputing.com]
> Sent: 08 May 2000 15:50
> To: Patrick Ethier
> Cc: 'Andrea Schiavoni'; ipsec@lists.tislabs.com;
> carney@jumpsrv.stp.securecomputing.com
> Subject: Re: Windows 2000 and Cisco router interoperability
> 
> 
> 
> > 
> > It was brought to my attention about a month ago that W2K does not support
> > tunneling mode. I can't confirm whether that is true or not because I
> > haven't bothered to verify it. Try changing from tunnel to transport in your
> > quick mode and see if it works. Let me know, I'm curious to find out if this
> > is the case.
> 
> I believe it is the case that Windows 2000 Professional only supports
> L2TP as the tunneling protocol (which may be over an IPSEC transport
> session).
> 
> The Server and Advanced Server editions can support IPSEC tunnels when
> acting as a gateway device.
> 
> See White Paper for the Windows 2000 Server operating system entitled
> Microsoft Privacy Protected Network Access: 
> Virtual Private Networking and Intranet Security
> 
> I have a paper copy and I'm not sure if it came off web site or the
> MSDN subscription.
> Regards,
> Michael Carney
> 
> >  
> >  
> > Regards,
> >  
> > ________________ 
> > Patrick Ethier 
> > Product Development 
> > SecureOps Inc. 
> > patrick@secureops.com 
> > (514) 982-0678 x 106 
> > (514) 982-0362 - fax 
> > 
> > -----Original Message-----
> > From: Andrea Schiavoni [mailto:s81331@cclinf.polito.it]
> > Sent: Saturday, May 06, 2000 7:57 AM
> > To: ipsec@lists.tislabs.com
> > Subject: Windows 2000 and Cisco router interoperability
> > 
> > 
> > Has anybody tried ISAKMP between W2000 and Cisco routers?
> > I have tried with pre-shared secret authentication method:
> > des-sha1 and des-md5 in main mode
> > des-esp , des-sha1 , des-md5 and ah in quick mode
> >  
> > They successfully worked in main mode, but they couldn't set up the IPsec SA
> > in quick mode.
> > Thanks
> > Andrea Schiavoni
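
Added example, not part of the original thread: a Python sketch of how the tunnel/transport choice discussed above is carried in an IKE quick mode offer (Encapsulation Mode, attribute type 4 in RFC 2407; 1 = tunnel, 2 = transport), and how a responder whose policy requires tunnel mode finds nothing acceptable in a transport-only offer. The function names and byte strings are constructed for illustration and were not captured from Windows 2000 or a Cisco router.

```python
import struct

# IPsec DOI SA attributes (RFC 2407, section 4.5).
ENCAPSULATION_MODE = 4
MODES = {1: "tunnel", 2: "transport"}

def parse_attributes(data):
    """Decode ISAKMP data attributes (RFC 2408, section 3.3) to {type: value}."""
    attrs, off = {}, 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated attribute header")
        word, second = struct.unpack_from("!HH", data, off)
        off += 4
        if word & 0x8000:                  # AF=1: short form, value inline
            attrs[word & 0x7FFF] = second
        else:                              # AF=0: long form, 'second' is a length
            if off + second > len(data):
                raise ValueError("attribute value runs past end of data")
            attrs[word] = int.from_bytes(data[off:off + second], "big")
            off += second
    return attrs

def offered_mode(attr_bytes):
    """Name of the offered encapsulation mode, or None if absent/unknown."""
    return MODES.get(parse_attributes(attr_bytes).get(ENCAPSULATION_MODE))

def select_transform(offers, required_mode):
    """Index of the first offer matching the responder's policy, else None
    (the case in which quick mode ends without an IPsec SA)."""
    for i, attr_bytes in enumerate(offers):
        if offered_mode(attr_bytes) == required_mode:
            return i
    return None

# Constructed sample offers (not captured traffic).
def tv(t, v):
    return struct.pack("!HH", 0x8000 | t, v)

def tlv(t, raw):
    return struct.pack("!HH", t, len(raw)) + raw

LIFETIME = tv(1, 1) + tlv(2, (3600).to_bytes(4, "big"))   # life type seconds, 3600
TRANSPORT_OFFER = LIFETIME + tv(ENCAPSULATION_MODE, 2) + tv(5, 2)  # auth HMAC-SHA
TUNNEL_OFFER = LIFETIME + tv(ENCAPSULATION_MODE, 1) + tv(5, 2)

if __name__ == "__main__":
    print(select_transform([TRANSPORT_OFFER], "tunnel"))                # no match
    print(select_transform([TRANSPORT_OFFER, TUNNEL_OFFER], "tunnel"))  # second offer
```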

