© Yuri Arcurs, 123RF.com

© Yuri Arcurs, 123RF.com

Connecting dissimilar IPsec implementations

Rendezvous

Article from ADMIN 04/2011
By
Any implementation of the standard-based IPsec is supposed to work with any other implementation – but sometimes you need a little extra effort. This article tests some IPsec implementations to see how well they fit.

Most admins are well aware of IPsec, the powerful protocol used to encrypt network traffic over TCP/IP networks. IPsec is often used with VPN connections to join remote LANs through a private tunnel over the Internet.

The first RFCs on IPsec were drafted during the development of IPv6 and date back to 1995. The current version is described by RFC 4301 and later RFCs. The IPsec specification refers to a number of other supporting protocols. Another protocol known as the Internet Key Exchange Protocol (IKE) lets the user avoid having to set the key randomly with each session; the first RFC relating to IKE dates back to 1998, and the current version IKEv2 is detailed by RFC 5996. Various features were added to IKE through the years to support enhancements such as Challenge Response authentication.

Implementations of the IPsec and IKE are available in various firewall products, network components, and operating systems. Despite the long, standards-based history of IPsec, different vendors implement their IPsec tools in different ways, leading to occasional complications when the two ends of the tunnel are using dissimilar implementations. I decided to try connecting several IPsec alternatives to see which versions worked best (and worst) together. My tests included the following:

  • Kame/Racoon on Mac OS X and Linux
  • Solaris 10
  • Windows Server 2008
  • Cisco-Router with IOS 12
  • Juniper SRX
  • Checkpoint R70
  • Fortinet Fortigate

The good news is that VPN connections were successfully established between all the candidates. This article looks at the details of configuring the individual components and points out the pitfalls associated with the various pairings. Along the way, you'll get a glimpse at what it is like to configure each of these IPsec tools, in case you happen to be searching for your own IPsec solution.

...
Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Cross-Vendor IPsec

    Any implementation of the standards-based IPsec is supposed to work with any other implementation – but sometimes you need a little extra effort. This article tests some IPsec implementations to see how well they fit.

    more »
  • Make it …
    more »
  • Lead Image © fckncg, 123RF.com
    VPN clients for Android and iOS
    Smartphones and tablets using hotspots and mobile data connections are susceptible to spying. iOS and Android each supply a tunneled VPN connection out of the box. We take a look at their apps, as well as third-party apps to see if they offer more.
    more »
  • Photo by Damon Lam on Unsplash
    Open source multipoint VPN with VyOS
    The VyOS Linux distribution puts network routing, firewall, and VPN functionality together and presents a fully working dynamic multipoint VPN router as an alternative or addition to a Cisco DMVPN mesh.
    more »
comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs

Most Popular

Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”> </a> <hr> </div> </div> <div class=