Firewall Wizards mailing list archives
Re: Whitepaper: a closer look on what goes on behind the scene during the setup of a IPSec remote access VPN
From: Brian Ford <brford () cisco com>
Date: Mon, 07 Jan 2002 16:03:37 -0500
Christopher, I think you've done an admirable job of presenting IPsec as it could be used for remote access connectivity and, based on my limited knowledge, a good job covering how Check Point may use IPsec to establish a client connection. It's very good work. I think it's a bit of a stretch to say that all IPsec implementations work this way after looking at only one commercial vendor's product. I suggest you should address that in your title.
I'd be interested in hearing your perspective of where this breaks down. What are the most common causes for connections to not establish or to fail? It would be especially interesting to look at that given your study of the RFCs. An often asked question when things break: Is it the vendors implementation or something not covered in the RFC.
You may want to look at the work done by (and perhaps talk to) the folks at ICSA Labs (http://www.icsalabs.com), as they offer an IPsec Interoperability program that many vendors subscribe to in order to test their products' conformance to the RFCs and ability to interoperate with other vendors' implementations. There are people from the Labs on this list.
Good job.

Liberty for All,
Brian

At 09:42 AM 1/7/2002 -0500, firewall-wizards-request () nfr com wrote:
Message: 3
Date: Sat, 5 Jan 2002 22:39:27 -0500
From: Christopher Lee <complexity () bigfoot com>
To: firewall-wizards () nfr com
Subject: [fw-wiz] Whitepaper: a closer look on what goes on behind the scene during the setup of a IPSec remote access VPN

To the members of the Firewall-Wizards list,

Throughout this Christmas/New Year holiday, I finished reading a few InfoSec related books and I find myself ending up with more questions than answers. I mean, how does the two-phase IPSec key exchange really work (packet by packet, that is)... I mean, how does IPSec guard against replay attacks, or more fundamentally, how do I know if my login credentials are safe when the firewall is doing an Aggressive Mode key exchange (no encryption takes place during an aggressive mode key exchange)??

So I then did my own research, based only on documents on the IETF websites (a reliable source, I supposed) and the result of my own sniffer trace of an IPSec remote access VPN session, and came up with this little white paper on what goes on behind the scene during an IPSec VPN setup. I figure the best way to make sure I understand a technology correctly is to post my findings on the web and invite others to critique and comment upon them. While the example in this white paper is that of a CheckPoint VPN, its principle should cover IPSec VPNs in general. Please take a look at this paper when you get a chance and do drop me a line (and tell me how wrong I am about the subject). :-)

This white paper is posted on http://complexity.webhop.net/closer_look_at_IPSec.html

Regards,
Christopher Lee
PGP Fingerprint: 15C1 65D0 E051 C64D 5246 89FC 5AE3 DE2C 8F1E 89A7
Personal Web Page: http://complexity.webhop.net
_______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
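The replay question raised in Christopher's post above is answered, in the RFCs he studied, by the ESP anti-replay sliding window (RFC 2401 Appendix C, carried forward as RFC 4303 section 3.4.3). The following is an added example written for this archive page; it is not code from either message, nor from Check Point's or any other vendor's IPsec stack. The toy ESP receiver, its HMAC-SHA1-96 stand-in for the ICV, the key and the packet trace are all constructed for the demonstration. It shows the two details practitioners usually get wrong: the window is consulted before the ICV is computed (so replays and floods are dropped cheaply), and it is advanced only after the ICV verifies (so a forged packet with a huge sequence number cannot push live traffic out of the window).

```python
"""Added example: the ESP anti-replay sliding window (RFC 2401 Appendix C,
RFC 4303 section 3.4.3) modelled in plain Python.  Not code from the original
post or from any vendor's IPsec stack; the receiver, key and packets below
are constructed for the demonstration.

Rules the RFCs spell out:
  * the receiver tracks the highest sequence number verified so far and a
    bitmap of the W numbers below it (W >= 32; 64 is the common default);
  * a packet left of the window, or one whose bit is already set, is dropped
    before any ICV work is done (cheap rejection of replays and floods);
  * the window is advanced only after the ICV verifies, so a forged packet
    with a huge sequence number cannot slide the window past live traffic.
"""
import hashlib
import hmac
import struct


class ReplayWindow:
    def __init__(self, size=64):
        if size < 32:
            raise ValueError("RFC 4303 requires a window of at least 32")
        self.size = size
        self.mask = (1 << size) - 1
        self.last_seq = 0   # highest sequence number verified so far
        self.bitmap = 0     # bit i set  <=>  last_seq - i already received

    def check(self, seq):
        """Classify seq before ICV verification: 'new', 'replay' or 'too_old'."""
        if seq == 0:
            return "too_old"            # sequence numbering starts at 1
        if seq > self.last_seq:
            return "new"                # right of the window
        diff = self.last_seq - seq
        if diff >= self.size:
            return "too_old"            # left of the window
        return "replay" if (self.bitmap >> diff) & 1 else "new"

    def update(self, seq):
        """Record seq as received; call only after the ICV verified."""
        if seq > self.last_seq:
            shift = seq - self.last_seq
            # Sliding past the whole window leaves only the new packet's bit.
            if shift >= self.size:
                self.bitmap = 1
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & self.mask
            self.last_seq = seq
        else:
            self.bitmap |= 1 << (self.last_seq - seq)


def icv(key, seq, payload):
    """Toy integrity check: HMAC-SHA1-96 over sequence number and payload
    (a stand-in for ESP's real ICV, which also covers the SPI, padding, etc.)."""
    return hmac.new(key, struct.pack("!I", seq) + payload, hashlib.sha1).digest()[:12]


def receive(window, key, seq, payload, tag):
    """One inbound ESP packet: replay check, then ICV, then window update."""
    verdict = window.check(seq)
    if verdict != "new":
        return verdict
    if not hmac.compare_digest(icv(key, seq, payload), tag):
        return "bad_icv"                # window deliberately NOT advanced
    window.update(seq)
    return "ok"


def demo():
    """Constructed packet trace; returns the per-packet verdicts."""
    key = b"constructed-demo-key"
    window = ReplayWindow(64)
    genuine = [1, 2, 3, 5, 4, 3, 100, 2]   # 5 before 4: reordering; 3 and 2: replays
    trace = [(s, b"data", icv(key, s, b"data")) for s in genuine]
    trace.append((5000, b"forged", b"\x00" * 12))   # attacker-chosen seq, bogus ICV
    trace.append((101, b"data", icv(key, 101, b"data")))
    return [receive(window, key, s, p, t) for s, p, t in trace]


if __name__ == "__main__":
    for seq, verdict in zip([1, 2, 3, 5, 4, 3, 100, 2, 5000, 101], demo()):
        print(f"seq {seq:>5}: {verdict}")
```

The trace exercises each branch: reordered delivery (5 before 4) is accepted, the second copy of 3 is rejected as a replay, 100 slides the whole window so 2 is now "too old", the forged 5000 fails the ICV without moving the window, and 101 is still accepted afterwards. Note that the 32-bit sequence number must never wrap on one SA; the sender has to rekey before that happens (RFC 4303 adds 64-bit extended sequence numbers for high-speed links).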
Current thread:
- Whitepaper: a closer look on what goes on behind the scene during the setup of a IPSec remote access VPN Christopher Lee (Jan 06)
- <Possible follow-ups>
- RE: Whitepaper: a closer look on what goes on behind the scene during the setup of a IPSec remote access VPN Carl Friedberg (Jan 07)
- Re: Whitepaper: a closer look on what goes on behind the scene during the setup of a IPSec remote access VPN Brian Ford (Jan 07)