[VPN] Re: VPN config question (fwd)

Christopher Gripp cgripp at axcelerant.com
Fri Sep 6 18:02:16 EDT 2002


The only VPN vendor I even know of that has XML in their vocab is
SonicWall and it isn't anywhere near what you are talking about.  They
use XML to substitute for a command line for their SGMS (Global
Management Server).  So the devices themselves don't ever see the XML
file.  Just the server and it translates that into known commands.  Even
in this single vendor implementation it has been EXTREMELY difficult in
getting it to work as it is supposed to.  It shouldn't be as difficult
as it has been but their docs are very dated (tags have changed, etc)
and not ALL VPN params are able to be passed via the XML.  Anyway, I'd
love to see it too.  But have heard NOTHING about it until your inquiry.


Maybe it's time for an RFC.

Chris Gripp

-----Original Message-----
From: Dana J. Dawson [mailto:djdawso at qwest.com] 
Sent: Friday, September 06, 2002 12:04 PM
To: gclef at speakeasy.net
Cc: vpn at lists.shmoo.com
Subject: Re: [VPN] Re: VPN config question (fwd)


gclef at speakeasy.net wrote:

> Hello, all.
>        So, I was one of the folks at the Shmoo VPN-a-thon a while
> ago, and the experience there, along with some issues with setting up my
> own VPNs has me thinking....which means I have a question for all of
> you:
>       Is there any movement (or even random rumbling) about defining
> an XML standard for VPN parameter settings?  The idea I'm thinking of
> is: You create a VPN on one machine, then have that machine dump out an
> XML file of all the parameters needed for the VPN (key lifetimes,
> hashing methods, etc...leave out shared secrets, perhaps).  Then I'd
> like to be able to load this XML definition file onto the machine at the
> other end of the VPN and be sure (for limited definitions of the word
> sure) that both ends now agree on what the VPN should be doing.
>       The point would be to remove some of the uncertainty in setting
> up VPNs between machines.  If both ends are using the same XML
> definition file, they should have the same settings (tunneling, hashing,
> encrypting, etc).  This should also help clear up some of the
> uncertainty in getting cross-vendor VPNs to work.
>    Is anyone doing this already, or even thinking about it?  Or, more
> fundamentally, do you all think it would be useful?
>
> Thanks.
>
> Aaron
> _______________________________________________
> VPN mailing list
> VPN at lists.shmoo.com http://lists.shmoo.com/mailman/listinfo/vpn

It sounds like a great idea to me!

Dana

--
Dana J. Dawson                     djdawso at qwest.com
Senior Staff Engineer              CCIE #1937
Qwest Communications               (612) 664-3364
600 Stinson Blvd., Suite 1S        (612) 664-4779 (FAX)
Minneapolis  MN  55413-2620

"Hard is where the money is."
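
The proposal quoted above, sketched as an added example that is not part of the thread or any vendor's format: the `vpn-policy` schema and its element names are hypothetical, and both exports are constructed samples. It compares the parameters each end exported and flags any secret element that ended up in an export.

```python
import xml.etree.ElementTree as ET

# Hypothetical element names that must never appear in an exported file.
SECRET_TAGS = {"shared-secret", "psk", "private-key"}

# Constructed sample exports from the two tunnel endpoints.
SITE_A = """<vpn-policy>
  <phase1><encryption>3DES</encryption><hash>SHA1</hash>
    <dh-group>2</dh-group><lifetime-seconds>28800</lifetime-seconds></phase1>
  <phase2><encryption>3des</encryption><hash>sha1</hash>
    <pfs>yes</pfs><lifetime-seconds>3600</lifetime-seconds></phase2>
</vpn-policy>"""

SITE_B = """<vpn-policy>
  <phase1><encryption>3des</encryption><hash>md5</hash>
    <dh-group>2</dh-group><lifetime-seconds>28800</lifetime-seconds></phase1>
  <phase2><encryption>3des</encryption><hash>sha1</hash>
    <lifetime-seconds>3600</lifetime-seconds><shared-secret>x</shared-secret></phase2>
</vpn-policy>"""


def flatten(xml_text):
    """Return ({path: value}, [paths of secret elements]) for one export."""
    params, secrets = {}, []
    def walk(node, prefix):
        path = f"{prefix}/{node.tag}"
        if node.tag.lower() in SECRET_TAGS:
            secrets.append(path)          # report the path, never keep the value
        elif len(node):                   # container element: descend
            for child in node:
                walk(child, path)
        else:
            # Case and whitespace vary between implementations; normalize.
            params[path] = (node.text or "").strip().lower()

    walk(ET.fromstring(xml_text), "")
    return params, secrets


def compare(xml_a, xml_b):
    """List (path, value_a, value_b) wherever the two endpoints disagree."""
    a, b = flatten(xml_a)[0], flatten(xml_b)[0]
    return [(p, a.get(p), b.get(p))
            for p in sorted(a.keys() | b.keys()) if a.get(p) != b.get(p)]


if __name__ == "__main__":
    for row in compare(SITE_A, SITE_B):
        print("MISMATCH", *row)
```

An export received from the other end is untrusted input, so a production version would parse it with a hardened XML parser such as defusedxml.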

