IPSec VPN Capabilities and Interoperability
Abstract
The Advanced Prototyping, Engineering & eXperimentation (APEX) Laboratory at the Aviation and Missile Research, Development, and Engineering Center (AMRDEC) supports many distributed simulation exercises utilizing the Defense Research Engineering Network (DREN). A mix of classified and unclassified simulation exercises has recently been held, utilizing the Type B Asynchronous Transfer Mode (ATM) services provided by the DREN. Upcoming unclassified experiments will involve participants on networks that peer with the DREN and will require the use of the DREN Type A (IP only) services. Thus the use of Internet Protocol Security (IPSec) Virtual Private Network (VPN) tunnels is being investigated as a means of providing secure connectivity for these participants. Two leading vendors that provide IPSec VPN services are Juniper (formerly Netscreen) and Cisco. Of interest is interoperability when an IPSec VPN tunnel is set up with a Juniper Netscreen device on one end and a Cisco PIX device on the other. The focus of this work is to verify IPSec interoperability, with no intent to compare PIX and Netscreen features. Also of interest is encapsulating Generic Routing Encapsulation (GRE) tunnels in the IPSec tunnel. A network lab has been set up and equipment borrowed to answer these questions, as well as to determine the effects on latency in the AMRDEC simulation environment. This report provides the results of this work, as well as configuration information and lessons learned during this effort.
Document Details
- Document Type: Technical Report
- Publication Date: Jul 01, 2006
- Accession Number: ADA451929
Entities
People
- Greg Nix
- Kathryn Roose
- Laurie Fraser