
RE: Windows 2000 and Cisco router interoperability



True,

I use a PPTP connection after setting up an IPsec tunnel between W2k client/NT4
client with Cisco client and W2k VPN server.
This allows NT4 machines that are not L2TP compatible to connect as well.

When everyone in our organization has migrated to W2k only L2TP should be
sufficient.

IPsec using mode-config for W2k will probably be available in some service
pack to come? not?

thanks


Michel

-----Original Message-----
From: Waters, Stephen [mailto:Stephen.Waters@cabletron.com]
Sent: Thursday, May 11, 2000 12:10 PM
To: Dan Harkins
Cc: ipsec@lists.tislabs.com
Subject: RE: Windows 2000 and Cisco router interoperability



The point in the text was that W2K does not support remote access
when using IPSEC Tunnels on their own, which is very true:

1) no address assignment
2) no 'legacy' or 'user' authentication
3) no compression
4) no DUN integration (like that available for L2TP/PPTP)


IPSEC Tunnels in W2K are only suitable for desk-top or LAN-LAN protection.
It CAN be used for remote access, but you are on your own with configuring
it. The IPSEC protection of L2TP happens automatically.

Steve.

-----Original Message-----
From: Dan Harkins [mailto:dharkins@network-alchemy.com]
Sent: Wednesday, May 10, 2000 5:22 PM
To: Ben McCann
Cc: Chris Trobridge; Mike Carney; ipsec@lists.tislabs.com
Subject: Re: Windows 2000 and Cisco router interoperability


  Since when is implementation of Mode Config (or XAUTH) necessary
to be appropriate for remote access? Actually, Win2K seems to be
using _standard protocols_ (IPSec-- err, IPsec, L2TP, PPP) to 
solve the problem. Imagine that.

  Dan.

On Wed, 10 May 2000 09:10:35 EDT you wrote
> Win2K does implement L2TP over IPSEC in transport mode. It uses PPP
> to transfer configuration information, such as a virtual IP address
> to the remote client. IMHO, an assigned virtual IP address is mandatory
> for remote access applications and Win2K does not, to my knowledge,
> implement Mode Config (or XAUTH). So, Win2K is not really appropriate
> for remote access applications using native IPSEC tunnels. It relies
> upon L2TP for the same functionality.
> 
> -Ben McCann
> 
> -- 
> Ben McCann                              Indus River Networks
>                                         31 Nagog Park
>                                         Acton, MA, 01720
> email: bmccann@indusriver.com           web: www.indusriver.com 
> phone: (978) 266-8140                   fax: (978) 266-8111