IPsec tunnel set-up

Barry Schon Barry.Schon at hbfuller.com
Wed Jun 9 10:00:44 EDT 1999


>>>> <guy.raymakers at europe.eds.com> 06/09 2:51 AM >>>
>Hi,
>
>I'm rather new to this VPN stuff, but I was asked to look at different
>products/protocols to build a VPN.  Currently I'm doing some tests with a Nortel
>CES2000 and a Nortel Nautica 250. The IPsec protocol is working fine but now I
>still have a question about the security aspect of this solution. Is there someone
>using the same setup (CES2000 and N250) that can tell me what authentication and
>encryption they use? Also, what is the experience with this product line?
>
>Many Thanks,
>Guy Raymakers
>Belgium

I am receiving today or tomorrow from Nortel a CES1500 for testing purposes.  I'd be happy to help after I have some time to take a look at something other than documentation.  I am currently planning on using IPSec with ESP in Tunnel Mode (Triple DES/MD5 or just DES, depending on export restrictions), external RADIUS via Shiva Access Manager (internal LDAP groups), and the Contivity Extranet Client with iPass roaming services.  I believe the security of this setup is good, and to get better you have to add token (host) based security like SecurID and/or PKI (the only one currently supported until v2.5 is Entrust), which we will be considering later.  Also, centrally we'll have two CES4500s.  I'll know more of course once I get moving on our testing but I'd be happy to keep in contact to share results.

Regards,
-Barry
H.B. Fuller VPN Project Lead

Barry Schon
Network Analyst
Corporate IT - Network Services/WAN
H.B. Fuller Company
1275 Grey Fox Rd.
Arden Hills, MN, USA 55112

barry.schon at hbfuller.com
Ph: +1 (651) 236-4114
Fax: +1 (651) 236-4444
