[prev in list] [next in list] [prev in thread] [next in thread] 

List:       cybg
Subject:    Re: [Cybg] Re: Cybg digest, Vol 1 #73 - 1 msg
From:       olivier.nicolas () real ! lu
Date:       2003-07-09 7:51:21
[Download RAW message or body]

This is a multipart message in MIME format.
--=_alternative 002B3B6DC1256D5E_=
Content-Type: text/plain; charset="us-ascii"

For rekeying compatibility, have a look at

http://www.vpnc.org/testing.html

Rekeying Conformance

The Rekeying Conformance test consists of setting up the same type of 
IPsec tunnel as is required for the Basic Conformance test, and then 
automatically rekeying the Phase 2 SA when it is needed. The Phase 2 SAs 
must also use perfect forward secrecy (usually called "PFS"). The tester 
must access a web server behind the test gateway before the rekeying and 
after the rekeying. As with the Basic test, this must be done on two test 
gateways. 


Olivier





Sang YOUNG <wsyoung@wsyoung.com>
Sent by: cybg-admin@realproject.be
07/08/2003 06:04 PM
Please respond to cybg

 
        To:     cybg@realproject.be
        cc: 
        Subject:        [Cybg] Re: Cybg digest, Vol 1 #73 - 1 msg


Hi,

For the vpn compatibility, try to get some hints from this site 
http://www.vpnc.org/InteropProfiles/

Sang


AFrom: "Matthew Harrell" <mhar@plex.com>
> To: cybg@realproject.be
> Date: Mon, 7 Jul 2003 14:28:30 -0400
> Subject: [Cybg] VPN reliability with Cyberguard firewalls?
> Reply-To: cybg@realproject.be
> 
> ------=_NextPart_84815C5ABAF209EF376268C8
> Content-type: text/plain; charset=US-ASCII
> 
> Hello again,
> 
> I'm still researching the possibility of switching from Raptor/Symantec
> Enterprise Firewall to Cyberguard.  One of the problems we've had
> consistently with SEF is its inability to play well with others when it
> comes to IKE VPNs.  It has a difficult time with rekeying when the 
firewall
> on the other end is not SEF.  We have constant situations where keys will
> expire, or a VPN will go down for some external reason, and the VPN won't
> come back up until I force a stop and restart of the VPN.
> 
> What are people's experiences with VPNs on Cyberguard firewalls, 
especially
> on 5.x versions?  Thanks ahead of time.
> 
> 
> -----------------
> Matt Harrell
> Plexus Systems
> mhar@plex.com

_______________________________________________
Cybg mailing list
Cybg@realproject.be
http://www.realproject.be/mailman/listinfo/cybg



--=_alternative 002B3B6DC1256D5E_=
Content-Type: text/html; charset="us-ascii"


<br><font size=2 face="sans-serif">For rekeying compatibility, have a look at</font>
<br>
<br><font size=2 face="sans-serif">http://www.vpnc.org/testing.html</font>
<br>
<br><font size=5 face="Times New Roman"><b>Rekeying Conformance</b></font>
<br>
<br><font size=3 face="Times New Roman">The Rekeying Conformance test consists of \
setting up the same type of IPsec tunnel as is required for the Basic Conformance \
test, and then automatically rekeying the Phase 2 SA when it is needed. The Phase 2 \
SAs must also use perfect forward secrecy (usually called &quot;PFS&quot;). The \
tester must access a web server behind the test gateway before the rekeying and after \
the rekeying. As with the Basic test, this must be done on two test gateways. </font> \
<br> <br>
<br><font size=2 face="sans-serif">Olivier</font>
<br>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td>
<td><font size=1 face="sans-serif"><b>Sang YOUNG \
&lt;wsyoung@wsyoung.com&gt;</b></font> <br><font size=1 face="sans-serif">Sent by: \
cybg-admin@realproject.be</font> <p><font size=1 face="sans-serif">07/08/2003 06:04 \
PM</font> <br><font size=1 face="sans-serif">Please respond to cybg</font>
<br>
<td><font size=1 face="Arial">&nbsp; &nbsp; &nbsp; &nbsp; </font>
<br><font size=1 face="sans-serif">&nbsp; &nbsp; &nbsp; &nbsp; To: &nbsp; &nbsp; \
&nbsp; &nbsp;cybg@realproject.be</font> <br><font size=1 face="sans-serif">&nbsp; \
&nbsp; &nbsp; &nbsp; cc: &nbsp; &nbsp; &nbsp; &nbsp;</font> <br><font size=1 \
face="sans-serif">&nbsp; &nbsp; &nbsp; &nbsp; Subject: &nbsp; &nbsp; &nbsp; \
&nbsp;[Cybg] Re: Cybg digest, Vol 1 #73 - 1 msg</font></table> <br>
<br>
<br><font size=2 face="Courier New">Hi,<br>
<br>
For the vpn compatibility, try to get some hints from this site <br>
http://www.vpnc.org/InteropProfiles/<br>
<br>
Sang<br>
<br>
<br>
AFrom: &quot;Matthew Harrell&quot; &lt;mhar@plex.com&gt;<br>
&gt;To: cybg@realproject.be<br>
&gt;Date: Mon, 7 Jul 2003 14:28:30 -0400<br>
&gt;Subject: [Cybg] VPN reliability with Cyberguard firewalls?<br>
&gt;Reply-To: cybg@realproject.be<br>
&gt;<br>
&gt;------=_NextPart_84815C5ABAF209EF376268C8<br>
&gt;Content-type: text/plain; charset=US-ASCII<br>
&gt;<br>
&gt;Hello again,<br>
&gt;<br>
&gt;I'm still researching the possibility of switching from Raptor/Symantec<br>
&gt;Enterprise Firewall to Cyberguard. &nbsp;One of the problems we've had<br>
&gt;consistently with SEF is its inability to play well with others when it<br>
&gt;comes to IKE VPNs. &nbsp;It has a difficult time with rekeying when the \
firewall<br> &gt;on the other end is not SEF. &nbsp;We have constant situations where \
keys will<br> &gt;expire, or a VPN will go down for some external reason, and the VPN \
won't<br> &gt;come back up until I force a stop and restart of the VPN.<br>
&gt;<br>
&gt;What are people's experiences with VPNs on Cyberguard firewalls, especially<br>
&gt;on 5.x versions? &nbsp;Thanks ahead of time.<br>
&gt;<br>
&gt;<br>
&gt;-----------------<br>
&gt;Matt Harrell<br>
&gt;Plexus Systems<br>
&gt;mhar@plex.com<br>
<br>
_______________________________________________<br>
Cybg mailing list<br>
Cybg@realproject.be<br>
http://www.realproject.be/mailman/listinfo/cybg<br>
</font>
<br>
<br>
--=_alternative 002B3B6DC1256D5E_=--
_______________________________________________
Cybg mailing list
Cybg@realproject.be
http://www.realproject.be/mailman/listinfo/cybg


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic