[vpn] certificates

Travis Watson rtwatson at qwest.net
Sat Mar 30 21:12:46 EST 2002


Johan,

This was a rather large topic just recently in this room and you would be
wise to read it (in case you haven't), but I would recommend a Nokia cc500.
You can make yourself an internal CA and distribute certificates with it to
client users.  If your company decides to use smart cards, so be it (but I
doubt that they will want to pay for it).  FreeS/WAN is great for b-b's, but
is still lacking in client use due to corporate addiction to MS.  Just a
personal opinion and, admittedly, I don't know a whole lot about it from the
client side (though I love it as a b-b solution).  You can get a Nokia
cc500--with support--for $1500US from a decent reseller.  With a client base
of 40, that's less than $40US/head for however long it lasts and can grow
out to, approximately, 500 users.

That seems preferable to trying to develop a FreeS/WAN solution that is to
be sent out to a bunch of shaky-hand users just trying to read their email
on a variety of MS platforms (assuming that is the case).

You could take a look at a Nokia IP120 running Check Point VPN-1 NG as well.
It will cost more money--to be sure--but it sets up nicely, you can't get
fired for trying to recommend it, and the client software (for a fee--list
$40US/person) comes with an integrated firewall.  You can also set yourself
up as an internal CA and issue certs with it to client users.

Especially given your concerns about trying to minimize admin
work/knowledge/responsibility, I would go with a different solution other
than FreeS/WAN unless your end users are rather tech savvy.

Regards,

Travis

-----Original Message-----
From: meiremania.com [mailto:johan.meire at rug.ac.be]
Sent: Thursday, March 28, 2002 10:52 AM
To: vpn at securityfocus.com
Subject: [vpn] certificates


Hello all,

I'm implementing a vpn-solution for about 40 users so they could play road
warrior from home. I'm testing Freeswan at the moment but I'm still in doubt
on which authentication mechanism to use. Somebody advised x.509
certificates to me, but I'm still not sure. What does interest me most is to
reduce the user-management for the sysadmin, so I wonder what are all the
pros and contras of the different authentication methods.

anyone ?

greetz
Johan


VPN is sponsored by SecurityFocus.com


