Re: Windows 2000 and Cisco router interoperability
> What does this mean for secure remote access?
>
> The 'standard' IPSEC approach is to use an ESP tunnel to connect the client
> to a security GW on the edge of the corporate network.
>
> If tunnel mode isn't supported in the client then this isn't possible, as
> transport mode will only get you to the GW.
>
> Unless... Windows is relying on a transport mode ESP with L2TP tunneling to
> provide the secure pipe(?).
It is.
> Wouldn't this cause interoperability issues
> between Win2k professional and third party IPSEC security gateways?
>
It does.
Regards,
Michael Carney
> Chris
>
> > -----Original Message-----
> > From: Mike Carney [mailto:carney@securecomputing.com]
> > Sent: 08 May 2000 15:50
> > To: Patrick Ethier
> > Cc: 'Andrea Schiavoni'; ipsec@lists.tislabs.com;
> > carney@jumpsrv.stp.securecomputing.com
> > Subject: Re: Windows 2000 and Cisco router interoperability
> >
> >
> >
> > >
> > > It was brought to my attention about a month ago that W2K does not support
> > > tunneling mode. I can't confirm whether that is true or not because I
> > > haven't bothered to verify it. Try changing from tunnel to transport in your
> > > quick mode and see if it works. Let me know, I'm curious to find out if this
> > > is the case.
> >
> > I believe it is the case that Windows 2000 Professional only supports
> > L2TP as the tunneling protocol (which may be over an IPSEC transport
> > session).
> >
> > The Server and Advanced Server editions can support IPSEC tunnels when
> > acting as a gateway device.
> >
> > See White Paper for the Windows 2000 Server operating system entitled
> > Microsoft Privacy Protected Network Access:
> > Virtual Private Networking and Intranet Security
> >
> > I have a paper copy and I'm not sure if it came off the web site or the
> > MSDN subscription.
> > Regards,
> > Michael Carney
> >
> > >
> > >
> > > Regards,
> > >
> > > ________________
> > > Patrick Ethier
> > > Product Development
> > > SecureOps Inc.
> > > patrick@secureops.com
> > > (514) 982-0678 x 106
> > > (514) 982-0362 - fax
> > >
> > > -----Original Message-----
> > > From: Andrea Schiavoni [mailto:s81331@cclinf.polito.it]
> > > Sent: Saturday, May 06, 2000 7:57 AM
> > > To: ipsec@lists.tislabs.com
> > > Subject: Windows 2000 and Cisco router interoperability
> > >
> > >
> > > Has anybody tried ISAKMP between W2000 and Cisco routers?
> > > I have tried with pre-shared secret authentication method:
> > > des-sha1 and des-md5 in main mode
> > > des-esp , des-sha1 , des-md5 and ah in quick mode
> > >
> > > They successfully worked in main mode, but they couldn't set up the IPsec SA
> > > in quick mode.
> > > Thanks
> > > Andrea Schiavoni