Linked by David Bogen on Mon 26th Jan 2004 04:47 UTC
For many systems administrators, choosing and managing a VPN system is often quite a headache. Inflexible clients, servers, and protocols often prevent VPN's from being smoothly integrated into an already functioning network. The fact that many VPN clients are installed on users' home computers, well out of the reach of the systems administration team, often means that troubleshooting and upgrading VPN systems is time consuming and a struggle for both admins and users.
Permalink for comment
To read all comments associated with this story, please click here.
To read all comments associated with this story, please click here.
Recent Original Stories
Recent Comments
Headlines
Random Comments
Random Stories
Random OS Link
slash: As Florin said, IPSec isn't easy. Having commercial solutions - Watchguard, Checkpoint, Cisco makes the pain easier, but having both protocol types as well as port types (IPSec) makes NAT hard. ALGs are often required in NAT deployments to keep it all working nicely.
PPTP is similar in that you need a TCP port and another protocol to be supported in your NAT gateway.
As I said earlier, L2TP is great that it's only one port and protocol type to support. This is pretty much L2TP but with encryption.
Also the more complicated with your security you get, the harder it is to support. Suddenly you have you get a self-signed CA for your organisation if you don't want a commercial variety. How do you distribute the PKIs and revocation servers for IPSec? You'll have to face all these questions, and more.