About IPsec

Post by Sachin - sachinns.. » Sun, 09 Mar 2003 00:38:40


I want to make IPsec in VxWorks. I am using Wind River Tornado II.

I am not able to find out how I can start. Many of you have made IPsec
under this environment. So please guide me on how I can start coding.



1. EAP-TLS IPSEC VPN/Radius scenario

Here's what I am trying to do: all Win2003 servers, and problems with IPSEC/

DSL-->Firewall-->RRAS/VPN-->IAS -->Domain controller

I can PPTP no problem, so ports/firewall = no problem.

Trying to set up EAP-TLS IPSEC (smartcards for clients dialing in, in addition
to user/pass). RRAS-->IAS secrets OK, EAP users have dial-in rights. IAS is
authenticating in the domain. CMAK/PBS set up OK on the client to propagate down local POP
phone# info to clients, etc.

Areas I am not clear about are how to set up the Certificate Server itself or
the IPsec policies on the client. Is there a walkthrough or other things
you can point me to? I saw a presentation by the MS PM on IPSEC (Dixon?) on
this scenario and how the MS IS department does it for employee VPN with CAs on
smartcards. We would like to do a very similar deployment. I am not sure
if MS released a case study on its own deployment or not.

One last question: Cisco vs. Microsoft VPN.

It's my understanding MS doesn't actually do encryption (I don't mean
encapsulate) on the entire IPsec tunnel (understanding that IPsec itself
encrypts at multiple levels of the OSI model inside the encapsulated
packet), but Cisco talks about doing DES or 3DES on the IPSEC tunnels,
like the PIX 501 VPN hardware. I don't see MSFT offering this, or do they
do this some other way?

In terms of speed of throughput on IPSEC tunnels, would using Win2003
actually be slower than dedicated VPN hardware (takes more of the CPU of
the VPN server)? Our entire network VPN-->IAS-->DC is running on Gigabit,
the bottleneck being T-1 internet and 10/100 routers (due to the cost of 1 and
10Gbps routers). Or would simply making sure we buy NIC cards that offload IPSEC on
the NIC vs. the CPU resolve that issue? Does MS have performance numbers?

Any help on the CA server / IPsec policies for the scenario above would be

Thanks a bunch

