| INVALID@google.com 2004-09-15, 8:47 pm |
| "T. Sean Weintz" <strap@hanh-ct.org> wrote:
>INVALID@google.com wrote:
>
>No. In fact if the remote end properly implements agressive mode as per
>the standard, the windoze XP ipsec client won't work with it.
>
>-Sean
Exactly. You are correct. But let's look at the bright side, rather than
the dark side. (Note that there are already tons of nodes bashing M$
stuff.) That's why main mode should be used always. Hence, people trying
to "configure" Win IPsec clients to do aggressive mode with
standards-conforming IPsec VPN servers would find themselves in a
difficult situation.
Use main mode/transport mode combination to configure Win IPsec client
to connect to standards-conforming IPsec servers. Win IPsec clients by
Microsoft/Cisco do conform to standards mostly because they can
interoperate with standards-conforming IPsec servers in main mode.
However, Win IPsec clients only do 3des in low-grade (export version)
encryption if case anyone cares the quality of encryption.
------------------------------------------------
The leader in Green VPN solutions
http://strongsolutions.addr.com/
------------------------------------------------
|