
Re: Windows 2000 and Cisco router interoperability



Chris Tolbridge wrote:

> The 'standard' IPSEC approach is to use an ESP tunnel to connect the client
> to a security GW on the edge of the corporate network.
> 
> If tunnel mode isn't supported in the client then this isn't possible, as
> transport mode will only get you to the GW.
> 
> Unless...  Windows is relying on a transport mode ESP with L2TP tunneling to
> provide the secure pipe(?).  Wouldn't this cause interoperability issues
> between Win2k professional and third party IPSEC security gateways?

Win2K does implement L2TP over IPSEC in transport mode. It uses PPP
to transfer configuration information, such as a virtual IP address
to the remote client. IMHO, an assigned virtual IP address is mandatory
for remote access applications and Win2K does not, to my knowledge,
implement Mode Config (or XAUTH). So, Win2K is not really appropriate
for remote access applications using native IPSEC tunnels. It relies
upon L2TP for the same functionality.

-Ben McCann

-- 
Ben McCann                              Indus River Networks
                                        31 Nagog Park
                                        Acton, MA, 01720
email: bmccann@indusriver.com           web: www.indusriver.com 
phone: (978) 266-8140                   fax: (978) 266-8111
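
The PPP address assignment described in the message above, as an added example that is not part of the original post: a parser for the L2TP data message (RFC 2661) found inside the decrypted ESP transport-mode payload, which reads the virtual IP address the server offers in an IPCP Configure-Nak (RFC 1332). The function names and the sample bytes are constructed for illustration.

```python
import ipaddress
import struct

PPP_IPCP = 0x8021        # PPP protocol number for IPCP (RFC 1332)
OPT_IP_ADDRESS = 3       # IPCP IP-Address option type
IPCP_CODES = {1: "Configure-Request", 2: "Configure-Ack", 3: "Configure-Nak"}

def parse_l2tp_data(msg: bytes):
    """Strip an L2TPv2 data header; return (tunnel_id, session_id, ppp_frame)."""
    (flags,) = struct.unpack_from("!H", msg, 0)
    if (flags & 0x8000) or (flags & 0x000F) != 2:   # T bit set, or not version 2
        raise ValueError("not an L2TPv2 data message")
    off = 2 + (2 if flags & 0x4000 else 0)          # L bit: Length field present
    tunnel, session = struct.unpack_from("!HH", msg, off)
    off += 4 + (4 if flags & 0x0800 else 0)         # S bit: Ns and Nr present
    if flags & 0x0200:                              # O bit: Offset Size + padding
        (pad,) = struct.unpack_from("!H", msg, off)
        off += 2 + pad
    return tunnel, session, msg[off:]

def parse_ipcp(ppp: bytes):
    """Return (code name, {option type: value bytes}) for a PPP IPCP frame."""
    if ppp[:2] == b"\xff\x03":                      # optional address/control bytes
        ppp = ppp[2:]
    proto, code, _ident, length = struct.unpack_from("!HBBH", ppp, 0)
    if proto != PPP_IPCP:
        raise ValueError("not an IPCP frame")
    opts, body = {}, ppp[6:2 + length]              # options follow the 4-byte header
    while len(body) >= 2:
        otype, olen = body[0], body[1]
        if olen < 2 or olen > len(body):
            raise ValueError("bad IPCP option length")
        opts[otype] = body[2:olen]
        body = body[olen:]
    return IPCP_CODES.get(code, str(code)), opts

def assigned_address(l2tp_msg: bytes):
    """Virtual IP the server proposes in a Configure-Nak, or None otherwise."""
    _, _, ppp = parse_l2tp_data(l2tp_msg)
    code, opts = parse_ipcp(ppp)
    addr = opts.get(OPT_IP_ADDRESS, b"")
    if code == "Configure-Nak" and len(addr) == 4:
        return str(ipaddress.IPv4Address(addr))
    return None

# Constructed samples: tunnel 7, session 1; client asks with 0.0.0.0, server Naks 10.1.2.3
SAMPLE_REQ = bytes.fromhex("0002" "0007" "0001" "ff03" "8021" "0101000a" "0306" "00000000")
SAMPLE_NAK = bytes.fromhex("0002" "0007" "0001" "ff03" "8021" "0301000a" "0306" "0a010203")
```
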

