Interop Labs VPN Interoperability Demo - PowerPoint PPT Presentation

About This Presentation
Title:

Interop Labs VPN Interoperability Demo

Description:

3. VPN E device de-tunnels packet and sends to Connectivity Tester on VPN E ... Connectivity Tester. VPN Device. Some also have management stations in the iLabs. 13 ... – PowerPoint PPT presentation

Number of Views:41
Avg rating:3.0/5.0
Slides: 19
Provided by: christophe141
Category:

less

Transcript and Presenter's Notes

Title: Interop Labs VPN Interoperability Demo


1
Interop LabsVPN Interoperability Demo
  • Las Vegas, Nevada
  • May, 1999

2
VPN InteroperabilityWhat are you seeing?
  • Worlds Largest Public VPN Interoperability
    Demonstration
  • All IPSEC (IP Security) compliant
  • All using IKE/ISAKMP (Internet Key Exchange)

3
VPN InteroperabilityWhat are you not seeing?
  • Not every product supports the same set of SA
    establishment profiles
  • 3DES versus DES
  • Subnet versus Host-based SAs
  • ISAKMP versus IPSEC profile sets
  • Not all SW versions seen here are
    shipping/released
  • SA re-establishment not well defined

4
VPN InteroperabilityWhat are the pieces?
  • 12 vendors
  • 65 site-to-site tunnels
  • IP traffic with TCP and UDP
  • ESP Tunneling Encryption
  • Authentication within ESP
  • IKE/ISAKMP key management with preshared secrets

5
VPN InteroperabilityWhy is this interesting?
  • Vendor independent VPN
  • You need not be locked into a single vendor
    solution for VPNs any more!
  • You can talk to other enterprises who have
    already chosen a VPN vendor
  • Product flexibility
  • Not every vendor has every answer
  • Mix and match to fit your needs
  • Standards Assurance
  • Vendors who successfully interoperate will not
    lead you down a proprietary path

6
VPN InteroperabilityHow did we do it?
  • Step1 Start with a public LAN

Router
7
VPN InteroperabilityHow we did it Step 2
  • Add VPN vendors

LAN A
LAN B
Router
VPN A device
VPN B device
VPN C device
VPN D device
VPN E device
LAN C
LAN D
LAN E
Mgmt station
Mgmt station
Mgmt station
8
VPN InteroperabilityHow we did it Step 3
  • Add Connectivity Testers

Conn. Tester
LAN A
LAN B
Router
VPN A device
VPN B device
Conn. Tester
VPN C device
VPN D device
VPN E device
LAN C
LAN D
LAN E
Mgmt station
Mgmt station
Mgmt station
Conn. Tester
Conn. Tester
Conn. Tester
9
VPN InteroperabilityHow we did it Step 4
  • Verify VPNs

Conn. Tester
LAN A
LAN B
Router
VPN A device
VPN B device
Conn. Tester
VPN C device
VPN D device
VPN E device
LAN C
LAN D
LAN E
Mgmt station
Mgmt station
Mgmt station
Conn. Tester
Conn. Tester
Conn. Tester
10
VPN InteroperabilityHow did we do it?
Conn. Tester
1. Connectivity Tester on VPN B sends a packet to
Connectivity Tester on VPN E
5. B Tester receives response and updates web page
LAN B
VPN B device
2. VPN B device tunnels packet in IPSEC and sends
to VPN E device
VPN E device
3. VPN E device de-tunnels packet and sends to
Connectivity Tester on VPN E
LAN E
4. Connectivity Tester on VPN E receives packet
and sends response to Connectivity Tester on VPN B
Mgmt station
Conn. Tester
11
VPN Interoperability See 12 VPNs in Operation
Nortel
Timestep
Cisco
RadGuard
VPNet
Internet Dynamics
Microsoft
FreeS/WAN
Checkpoint
Data Fellows
Intel
RedCreek
12
Each VPN has a VPN device and Connectivity Tester
Some also have management stations in the iLabs
Connectivity Tester
Management Station
VPN Device
13
VPN InteroperabilityVPN Device connections
  • VPN Devices have two connections
  • One to its private network (unencrypted
    clients/servers)
  • One to the public network (encrypted traffic
    only)
  • Connectivity Tester is on the private network

14
VPN InteroperabilityConnectivity Tester
The Connectivity Tester on each LAN shows VPN
encrypted connectivity between vendors. Vendor
logos indicate a successful tunnel between this
tester and the other products shown
15
VPN InteroperabilityProtocol Analysis
  • W W G and Shomiti protocol analyzers are
    available to watch IPSEC SA establishment

16
VPN InteroperabilityParticipating VPN Products
(1 of 2)
17
VPN InteroperabilityParticipating VPN Products
(2 of 2)
18
VPN InteroperabilityInterop VPN Labs Team
Write a Comment
User Comments (0)
About PowerShow.com