
RE: Windows 2000 and Cisco router interoperability




The point in the text was that W2K does not support remote access
when using IPSEC Tunnels on their own, which is very true:

1) no address assignment
2) no 'legacy' or 'user' authentication
3) no compression
4) no DUN integration (like that available for L2TP/PPTP)


IPSEC Tunnels in W2K are only suitable for desktop or LAN-LAN protection.
They CAN be used for remote access, but you are on your own with configuring
them. The IPSEC protection of L2TP happens automatically.

Steve.

-----Original Message-----
From: Dan Harkins [mailto:dharkins@network-alchemy.com]
Sent: Wednesday, May 10, 2000 5:22 PM
To: Ben McCann
Cc: Chris Trobridge; Mike Carney; ipsec@lists.tislabs.com
Subject: Re: Windows 2000 and Cisco router interoperability


  Since when is implementation of Mode Config (or XAUTH) necessary
to be appropriate for remote access? Actually, Win2K seems to be
using _standard protocols_ (IPSec-- err, IPsec, L2TP, PPP) to 
solve the problem. Imagine that.

  Dan.

On Wed, 10 May 2000 09:10:35 EDT you wrote
> Win2K does implement L2TP over IPSEC in transport mode. It uses PPP
> to transfer configuration information, such as a virtual IP address
> to the remote client. IMHO, an assigned virtual IP address is mandatory
> for remote access applications and Win2K does not, to my knowledge,
> implement Mode Config (or XAUTH). So, Win2K is not really appropriate
> for remote access application using native IPSEC tunnels. It relies
> upon L2TP for the same functionality.
> 
> -Ben McCann
> 
> -- 
> Ben McCann                              Indus River Networks
>                                         31 Nagog Park
>                                         Acton, MA, 01720
> email: bmccann@indusriver.com           web: www.indusriver.com 
> phone: (978) 266-8140                   fax: (978) 266-8111

