Firewall Wizards: Re: Whitepaper: a closer look on what goes on behind the scene during the setup of a IPSec remote access VPN

[Brian Ford <brford () cisco com>]

Christopher,

I think you've done an admirable job of presenting IPsec as it could be 
used for remote access connectivity and based on my limited knowledge a 
good job covering how Check Point may use IPsec to establish a client 
connection.  It's very good work.  I think it's a bit of a stretch to say 
that all IPsec implementations work this way after looking at only one 
commercial vendors product.  I suggest you should address that in your title.
I'd be interested in hearing your perspective of where this breaks 
down.  What are the most common causes for connections to not establish or 
to fail?  It would be especially interesting to look at that given your 
study of the RFCs.  An often asked question when things break: Is it the 
vendors implementation or something not covered in the RFC.
You may want to look at the work done by (and perhaps talk to) the folks at 
ICSA Labs (http://www.icsalabs.com), as they  offer an IPsec 
Interoperability program that many vendors subscribe to in order to test 
their products conformance to the RFCs and ability interoperate with other 
vendors implementations.   There are people from the Labs on this list.
Good job.

Liberty for All,

Brian


At 09:42 AM 1/7/2002 -0500, firewall-wizards-request () nfr com wrote:
> Message: 3
> Date: Sat,  5 Jan 2002 22:39:27 -0500
> From: Christopher Lee <complexity () bigfoot com>
> To: firewall-wizards () nfr com
> Subject: [fw-wiz] Whitepaper: a closer look on what goes on behind the 
> scene during the setup of a IPSec remote access VPN
> To the member of the Firewall-Wizards list,
>
> Throughout this Christmas/New Year holidays, I finished reading a few InfoSec
> related books and I find myself ending up with more questions than 
> answers.  I
> mean, how does the two phase IPSec key exchange really works (packet by 
> packet,
> that is)...  I mean, how does IPSec guard against replaying attack, or more
> fundamentally, how do I know if my login credentials are safe when the 
> firewall
> is doing an Aggressive Mode key exchange (no encryption takes place during an
> aggressive mode key exchange)??
>
> So I then do my own research, base only on documents on the IETF websites (a
> reliable source, I supposed) and the result of my own sniffer trace of a 
> IPSec
> remote access VPN session, and come up with this little white paper on what
> goes on behind the scene during a IPSec VPN setup.  I figure, the best way to
> make sure I understands a technologies correctly is to post my finding on the
> web and invite others to critique and comment upon.
>
> While the example in this white paper is that of a CheckPoint VPN, but its
> principle should conver IPSec VPN in general.  Please take a look at this 
> paper
> when you get a chance and do drop me a line (and tell me how wrong I am about
> the subject).  :-)
>
> This white paper is posted on
> http://complexity.webhop.net/closer_look_at_IPSec.html
>
> Regards,
>
> Christopher Lee
> PGP Fingerprint: 15C1 65D0 E051 C64D 5246  89FC 5AE3 DE2C 8F1E 89A7
> Personal Web Page: http://complexity.webhop.net
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards