Interop Labs VPN Interoperability Demo. Las Vegas, Nevada May, 1999. VPN Interoperability: What are you seeing? World’s Largest Public VPN Interoperability Demonstration. All IPSEC (IP Security) compliant. All using IKE/ISAKMP (Internet Key Exchange).
Interop Labs VPN Interoperability Demo
Las Vegas, Nevada
May, 1999
VPN Interoperability: What are you seeing?
• World’s Largest Public VPN Interoperability Demonstration
• All IPSEC (IP Security) compliant
• All using IKE/ISAKMP (Internet Key Exchange)
VPN Interoperability: What are you not seeing?
• Not every product supports the same set of SA establishment profiles
    • 3DES versus DES
    • Subnet versus Host-based SAs
    • ISAKMP versus IPSEC profile sets
• Not all SW versions seen here are shipping/released
• SA re-establishment not well defined
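
The profile mismatches listed on this slide can be found before a tunnel is attempted by comparing what each end is configured to offer. The following is an added example, not part of the original presentation: the device names and profile values are constructed, and the matching rule (each stage needs one identical transform on both ends, plus one common selector type) is a simplification of IKE negotiation. It also flags pairs that interoperate only by agreeing on single DES.

```python
from itertools import combinations

# Constructed profiles for three hypothetical devices (not the demo's vendors).
# isakmp: (cipher, hash, auth) for the IKE/ISAKMP SA
# ipsec:  (ESP cipher, ESP authentication) for the IPSEC SA
PROFILES = {
    "vpn-a": {"isakmp": {("3des", "sha1", "psk"), ("des", "md5", "psk")},
              "ipsec": {("3des", "hmac-sha1"), ("des", "hmac-md5")},
              "selectors": {"subnet", "host"}},
    "vpn-b": {"isakmp": {("des", "md5", "psk")},
              "ipsec": {("des", "hmac-md5")},
              "selectors": {"host"}},
    "vpn-c": {"isakmp": {("3des", "sha1", "psk")},
              "ipsec": {("3des", "hmac-sha1")},
              "selectors": {"subnet"}},
}

def check_pair(a, b):
    """Return (reasons, des_only) for two device profiles.

    reasons  -- why no tunnel can form; an empty list means compatible
    des_only -- True if a stage can only agree on single DES
    """
    reasons, des_only = [], False
    for stage in ("isakmp", "ipsec"):
        common = a[stage] & b[stage]
        if not common:
            offered = [sorted({t[0] for t in p[stage]}) for p in (a, b)]
            reasons.append(f"{stage}: no common transform ({offered[0]} vs {offered[1]})")
        elif all(t[0] == "des" for t in common):
            des_only = True
    if not a["selectors"] & b["selectors"]:
        reasons.append("selectors: %s vs %s" % (sorted(a["selectors"]), sorted(b["selectors"])))
    return reasons, des_only

def interop_matrix(profiles):
    """Check every site-to-site pair once, as a full-mesh test does."""
    return {(x, y): check_pair(profiles[x], profiles[y])
            for x, y in combinations(sorted(profiles), 2)}

if __name__ == "__main__":
    for (x, y), (reasons, des_only) in interop_matrix(PROFILES).items():
        status = "FAIL" if reasons else ("OK (DES only)" if des_only else "OK")
        print(f"{x} <-> {y}: {status}", *reasons, sep="\n    ")
```
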
VPN Interoperability: What are the pieces?
• 12 vendors
• 65 site-to-site tunnels
• IP traffic with TCP and UDP
• ESP Tunneling Encryption
• Authentication within ESP
• IKE/ISAKMP key management with preshared secrets
VPN Interoperability: Why is this interesting?
• Vendor independent VPN
    • You need not be locked into a single vendor solution for VPNs any more!
    • You can talk to other enterprises who have already chosen a VPN vendor
• Product flexibility
    • Not every vendor has every answer
    • Mix and match to fit your needs
• Standards Assurance
    • Vendors who successfully interoperate will not lead you down a proprietary path
VPN Interoperability: How did we do it?
• Step 1: Start with a public LAN
[Diagram label: Router]
VPN Interoperability: How we did it: Step 2
• Add VPN vendors
[Diagram labels: Router; VPN A to VPN E devices; LAN A to LAN E; Mgmt stations]
VPN Interoperability: How we did it: Step 3
• Add Connectivity Testers
[Diagram labels: Router; VPN A to VPN E devices; LAN A to LAN E; Conn. Testers; Mgmt stations]
VPN Interoperability: How we did it: Step 4
• Verify VPNs
[Diagram labels: Router; VPN A to VPN E devices; LAN A to LAN E; Conn. Testers; Mgmt stations]
VPN Interoperability: How did we do it?
1. Connectivity Tester on VPN B sends a packet to Connectivity Tester on VPN E
2. VPN B device tunnels packet in IPSEC and sends to VPN E device
3. VPN E device de-tunnels packet and sends to Connectivity Tester on VPN E
4. Connectivity Tester on VPN E receives packet and sends response to Connectivity Tester on VPN B
5. B Tester receives response and updates web page
[Diagram labels: Conn. Tester; LAN B; VPN B device; VPN E device; LAN E; Conn. Tester; Mgmt station]
VPN Interoperability: See 12 VPNs in Operation
Nortel, Timestep, Cisco, RadGuard, VPNet, Internet Dynamics, Microsoft, FreeS/WAN, Checkpoint, Data Fellows, Intel, RedCreek
Each VPN has a VPN device and Connectivity Tester. Some also have management stations in the iLabs.
[Diagram labels: Connectivity Tester; Management Station; VPN Device]
VPN Interoperability: VPN Device connections
• VPN Devices have two connections
    • One to its private network (unencrypted clients/servers)
    • One to the public network (encrypted traffic only)
• Connectivity Tester is on the private network
VPN Interoperability: Connectivity Tester
The Connectivity Tester on each LAN shows VPN encrypted connectivity between vendors. Vendor logos indicate a successful tunnel between this tester and the other products shown.
VPN Interoperability: Protocol Analysis
• WWG and Shomiti protocol analyzers are available to watch IPSEC SA establishment