“Last week I covered some concerns with IPSec that most people
seem unaware of. This week I’ll be covering several of the more
popular/advanced IPSec solutions, their shortcomings and their
strengths. Obviously, for IPSec to become commonplace, the
various implementations need to be compatible. Of course, the
problem is that there is compatibility and there is
“compatibility.” Most implementations have at least adhered to the
basic IPSec standards, such as protocols, service types and so on.
Many, however, have added extensions, not all of which are
compatible with others.”
“The most common extensions are in the authentication and
management areas of IPSec. There are three basic methods you can
use to authenticate IPSec connections, the first being a pre-shared
secret.”
“A pre-shared secret may be in the form of a long alpha-numeric
string, a username and password, or even a token-based system such
as SecurID. The problem with this is, you must configure
authentication in advance and both parties must be able to
communicate securely to share the information. This solution is
fine for inter-company VPNs, laptop users and so on. However, it
does not scale (you need a secure channel beforehand to establish
the shared credentials, which are later used as proof of ID).”