About IPsec

About IPsec

Post by Sachin - sachinns.. » Sun, 09 Mar 2003 00:38:40


I want to make IPsec in vxWorks. I am using windRiver Tornado-II.

I am not able to find out how can I start.Many of you had made IPsec
under this environment. So, Please guide me, How can I start coding.



1. EAP-TLS IPSEC VPN/Radius senario

 Here's what I am trying to do, all Win2003 servers and problems with IPSEC/

DSL-->Firewall-->RRAS/VPN-->IAS -->Domain controller

I can PPTP no problem so ports/firewall = no problem

trying to setup EAP-TLS IPSEC ..(smartcards for clients dialing in addition
to user/pass). RRAS-->IAS Secrets ok, EAP-users have dial-in rights.. IAS is
auth in the Domain. CMAK/PBS setup  ok on client to propagate down local Pop
phone# info to clients etc.

areas I am not clear about is how to setup the Certificate Server itself  or
the Ipsec policies on the client.. is there a walkthrough or other things
you can point me to, I saw a presentation by the MS PM on IPSEC (Dixon?) on
this senario and how MS IS department does it for employee VPN with CA's on
Smartcards.. we would like to do a very similar deployment. .. I am not sure
if MS released a Case study on it's own deployment or not..

one last question .. Cisco -VS - Microsoft. VPN

  It's my understanding MS doesn't actually do encryption (I don't mean
encapsultate) on the entire IPSec tunnel (understanding that Ipsec itself
encrypts at multiple levels of the OSI model inside the encapsulated
packet ) but Cisco talks about doing DES or 3DES on the IPSEC tunnels to
like the PIX 501 VPN hardware.. I don't see MSFT offering this.. or do they
do this some other way..

in terms of Speed of throughput on IPSEC Tunnels.. would Using Win2003
actually be slower then dedicated VPN hardware  (takes more on the CPU of
the VPN server) our entire network VPN -->IAS-->DC is running on Gigabit ..
the bottleneck being T-1 internet and 10/100 Routers (due to cost of 1 &
10Gbps Routers)or simply making sure we buy NIC cards that offload IPSEC on
the NIC -vs- CPU resolve that issue.. does MS have performance numbers

any help on the CA server /Ipsec policies for the senario above would be

 thanks a bunch

2. Graphics terminal emulator for MS-DOS

3. IPSec offload - Intel Pro NIC

4. sonic wall VPN firewall firmware upgrade problems

5. SNMPv2 versus IPSEC versus SSL versus Kerberos

6. GP and screensaving

7. help with IPSec MIB

8. An open question/suggestion/challenge

9. IPSEC offload problem 2

10. NDIS / ipsec.sys details?

11. ipsec

12. TCP Large Send and IPSec Offload

13. PGPNet and Win2000 IPSec interoperability??