
Re: Windows 2000 and Cisco router interoperability



> What does this mean for secure remote access?
> 
> The 'standard' IPSEC approach is to use an ESP tunnel to connect the client
> to a security GW on the edge of the corporate network.
> 
> If tunnel mode isn't supported in the client then this isn't possible, as
> transport mode will only get you to the GW.
> 
> Unless...  Windows is relying on a transport mode ESP with L2TP tunneling to
> provide the secure pipe(?).
 
It is.

> Wouldn't this cause interoperability issues
> between Win2k professional and third party IPSEC security gateways?
>

It does.
 
Regards,
Michael Carney

> Chris
> 
> > -----Original Message-----
> > From: Mike Carney [mailto:carney@securecomputing.com]
> > Sent: 08 May 2000 15:50
> > To: Patrick Ethier
> > Cc: 'Andrea Schiavoni'; ipsec@lists.tislabs.com;
> > carney@jumpsrv.stp.securecomputing.com
> > Subject: Re: Windows 2000 and Cicsco router interoperability 
> > 
> > 
> > 
> > > 
> > > It was brought to my attention about a month ago that W2K does not
> > > support tunneling mode. I can't confirm whether that is true or not
> > > because I haven't bothered to verify it. Try changing from tunnel to
> > > transport in your quick mode and see if it works. Let me know, I'm
> > > curious to find out if this is the case.
> > 
> > I believe it is the case that Windows 2000 Professional only supports
> > L2TP as the tunneling protocol (which may be over an IPSEC transport
> > session).
> > 
> > The Server and Advanced Server editions can support IPSEC tunnels when
> > acting as a gateway device.
> > 
> > See White Paper for the Windows 2000 Server operating system entitled
> > Microsoft Privacy Protected Network Access: 
> > Virtual Private Networking and Intranet Security
> > 
> > I have a paper copy and I'm not sure if it came off web site or the
> > MSDN subscription.
> > Regards,
> > Michael Carney
> > 
> > >  
> > >  
> > > Regards,
> > >  
> > > ________________ 
> > > Patrick Ethier 
> > > Product Development 
> > > SecureOps Inc. 
> > > patrick@secureops.com 
> > > (514) 982-0678 x 106 
> > > (514) 982-0362 - fax 
> > > 
> > > -----Original Message-----
> > > From: Andrea Schiavoni [mailto:s81331@cclinf.polito.it]
> > > Sent: Saturday, May 06, 2000 7:57 AM
> > > To: ipsec@lists.tislabs.com
> > > Subject: Windows 2000 and Cicsco router interoperability
> > > 
> > > 
> > > Has anybody tried ISAKMP between W2000 and Cisco routers?
> > > I have tried with pre-shared secret authentication method:
> > > des-sha1 and des-md5 in main mode
> > > des-esp , des-sha1 , des-md5 and ah in quick mode
> > >  
> > > They successfully worked in main mode, but they couldn't set up the
> > > IPsec SA in quick mode.
> > > Thanks
> > > Andrea Schiavoni
