Simon Chalk wrote:
Hi Charles,

Are you saying that Windows 2000 is quite happy with RSA keys, and will
still offer a secure path connecting two networks? I am a little confused
about the whole concept of which method to use, and the relevance of X509. I
had assumed that since it gets mentioned everywhere that it was necessary.

You haven't mentioned what your VPN network architecture looks like. There are three basic options:


1) The Bering boxes are the VPN gateways. If you set up your network this way, the two windows boxes simply think they are separated by a simple router, and require no special configuration or knowledge due to the fact that you're actually running a VPN (although they do need special configuration to be able to talk to each other, since the broadcast packets typically used for network discovery/browsing will not cross a router). You can use either pre-shared-keys (PSK), RSA keys, or x.509 keys for authentication.

2) You use the built-in windows IPSec client on both ends. To do this, you will have to configure your firewall to pass-through the IPSec traffic, and you will obviously have to configure VPN tunnels on the windows boxes. This will likely require you to generate certificates or use pre-shared-keys.

3) You use the built-in windows IPSec client on one end, and the Bering firewall on the other end for the VPN gateway. This seems like extra work to me, but you might want to do this for some reason. In this case, you would likely be forced into using x.509 certs on the Bering firewall, as I don't think windows can use RSA keys that are not "wrapped" inside a certificate.

I assumed you were looking at implementing option 1, since you were asking questions about ipsec509 on bering. With this setup, Windows doesn't know anything about the VPN, so it doesn't have to be "happy" with RSA keys...only the VPN gateways (the two Bering boxes) need to know anything about the VPN.

--
Charles Steinkuehler
[EMAIL PROTECTED]
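To make option 1 concrete, here is an added example (not from the thread or from the Bering project) of a FreeS/WAN-style ipsec.conf for a gateway-to-gateway tunnel authenticated with raw RSA keys, with the x.509 variant noted in comments. The connection name, IP addresses, subnets and the truncated key values are constructed placeholders; the Windows hosts on either LAN need no IPsec configuration at all.

```ini
# Constructed example: two Bering gateways, RSA signature authentication.
# Nothing here lives on the Windows hosts; they see an ordinary router.
config setup
    interfaces=%defaultroute
    klipsdebug=none
    plutodebug=none

conn %default
    keyingtries=0

conn office-to-branch
    # "left" is this gateway's public address, "leftsubnet" the LAN behind it
    left=203.0.113.10
    leftsubnet=192.168.1.0/24
    leftnexthop=%defaultroute
    # public half of the left gateway's RSA key (output of "ipsec showhostkey")
    leftrsasigkey=0sAQ...PLACEHOLDER-LEFT-PUBKEY...
    right=198.51.100.20
    rightsubnet=192.168.2.0/24
    rightnexthop=%defaultroute
    rightrsasigkey=0sAQ...PLACEHOLDER-RIGHT-PUBKEY...
    # authby=rsasig uses the raw keys above; no certificate or CA is involved
    authby=rsasig
    # restricting leftsubnet/rightsubnet is what keeps the tunnel from
    # becoming a route for everything; keep them as tight as the LANs allow
    auto=start

# Option 3 (Windows IPsec client on one end) would instead need x.509 on
# the gateway, i.e. leftcert=<gateway cert file>, leftid="<DN in the cert>",
# rightrsasigkey=%cert and rightid="<DN of the Windows side>", with the CA
# certificate installed so each side can verify the other's chain.
```

Both gateways use the same conn block with the key values swapped into the matching left/right slots; the private key stays in ipsec.secrets on its own gateway and is never copied to the peer.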




------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html