The background of IPsec:
Internet Protocol security (IPsec) is a framework of open standards for
protecting communications over Internet Protocol (IP) networks through the
use of cryptography. It supports network-level peer authentication, data
origin authentication, data integrity, data confidentiality (encryption),
and replay protection. The Microsoft implementation of IPsec is based on
standards developed by the Internet Engineering Task Force (IETF) IPsec
working group.

More information on IPsec can be obtained from the link below:
http://en.wikipedia.org/wiki/IPsec

Coming to your question of testing IPsec by implementing Strongswan on one
host and some other IPsec tools on another host, I understand it does not
matter during testing, because the vendor / author, or in other words the
provider, of the IPsec tool could be different, but not its implementation.
IPsec's implementation will be based on standards agreed and accepted
worldwide, and that's when you can communicate between two hosts without any
issues. To know more about the implementation of Strongswan IPsec, visit the
link below:

http://wiki.strongswan.org/wiki/1/IpsecStandards

Finally, the conclusion behind this is that IPsec support is usually
implemented in the kernel with key management and ISAKMP/IKE negotiation
carried out from user-space. Existing IPsec implementations often include
both.

If the key management protocol at both ends is the same (true, in this case),
you shall carry out the test with effective results.
Hope this clarifies.


Thanks
Sandeep Thakur


On Wed, Jun 9, 2010 at 3:13 PM, Dhanavel <[email protected]> wrote:

> Thanks Amardeep...
>
> and more doubt... I have IPsec source code of Strongswan... In their
> configuration they said they need two hosts...
> can we test IPsec by implementing Strongswan on one host and some other
> IPsec tools on another host...
>
>
> or is it like both of the hosts want to have the same configuration... is
> it like that?
>
> regards
>  Dhanavel
>
>
> On Jun 9, 11:28 am, Amar Deep <[email protected]> wrote:
> > Hi,
> >
> > Generally we use IKE for scanning IPsec - VPN scanning, fingerprints and
> > testing tools
> >
> > IKE-scan is a command-line tool for discovering, fingerprinting and testing
> > IPsec VPN systems. It constructs and sends IKE Phase-1 packets to the
> > specified hosts, and displays any responses that are received.
> >
> > ike-scan allows you to:
> >
> >    - Send IKE packets to any number of destination hosts, using a
> >    configurable output bandwidth or packet rate. (*This is useful for VPN
> >    detection, when you may need to scan large address spaces.*)
> >    - Construct the outgoing IKE packet in a flexible way. (*This includes
> >    IKE packets which do not comply with the RFC requirements.*)
> >    - Decode and display any returned packets.
> >    - Crack aggressive mode pre-shared keys. (*You can use ike-scan to obtain
> >    the PSK hash data, and then use psk-crack to obtain the key.*)
> >
> > For downloading IKE scan, here is the link:
> >
> > http://www.darknet.org.uk/2008/11/ike-scan-ipsec-vpn-scanning-fingerp...
> >
> > and if you want to know more about penetration testing for IPsec, here is the
> > link:
> >
> > http://www.symantec.com/connect/articles/penetration-testing-ipsec-vpns
> >
> > Regards,
> >
> > T.Amardeep,
>
> --
> You received this message because you are subscribed to the Google Groups
> "nforceit" group.
> To post to this group, send an email to [email protected].
> To unsubscribe from this group, send email to [email protected].
> For more options, visit this group at
> http://groups.google.com/group/nforceit?hl=en-GB.
>
>
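When testing Strongswan against a different IPsec implementation, a packet capture shows which IKE version and exchange type each peer actually sends, including the aggressive-mode exchanges mentioned in the quoted message. The following is an added example, not code from the thread, Strongswan or ike-scan; the function names and the sample bytes are constructed for illustration.

```python
import struct

# Fixed ISAKMP/IKE header (RFC 2408 s3.1; same 28-byte layout in IKEv2).
# Fields: initiator cookie, responder cookie, next payload, version,
# exchange type, flags, message ID, total length.
HEADER = struct.Struct("!8s8sBBBBII")
IKEV1 = {2: "Main Mode", 4: "Aggressive Mode", 5: "Informational", 32: "Quick Mode"}
IKEV2 = {34: "IKE_SA_INIT", 35: "IKE_AUTH", 36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}


def parse_ike_header(payload: bytes, udp_port: int = 500) -> dict:
    """Decode the IKE header from one captured UDP payload."""
    if udp_port == 4500:
        # NAT-T: IKE is prefixed with a 4-byte zero non-ESP marker (RFC 3948).
        if payload[:4] != b"\x00\x00\x00\x00":
            raise ValueError("not IKE (ESP-in-UDP or keepalive)")
        payload = payload[4:]
    if len(payload) < HEADER.size:
        raise ValueError("truncated IKE header")
    _, rcookie, _, version, exchange, _, _, length = HEADER.unpack_from(payload)
    major = version >> 4
    names = {1: IKEV1, 2: IKEV2}.get(major, {})
    return {
        "ike_version": f"{major}.{version & 0x0F}",
        "exchange": names.get(exchange, f"unknown ({exchange})"),
        # An all-zero responder cookie marks the first message of an exchange.
        "initial_request": rcookie == b"\x00" * 8,
        # Declared length must match what was captured.
        "length_ok": length == len(payload),
        # IKEv1 aggressive mode is worth flagging when PSK authentication is used.
        "aggressive_mode": major == 1 and exchange == 4,
    }


def build_header(version: int, exchange: int) -> bytes:
    """Constructed sample: a bare header with no payloads, for the demo only."""
    return HEADER.pack(b"\x11" * 8, b"\x00" * 8, 1, version, exchange, 0, 0, HEADER.size)


if __name__ == "__main__":
    samples = [  # constructed (payload, UDP port) pairs
        (build_header(0x10, 2), 500),
        (build_header(0x10, 4), 500),
        (b"\x00" * 4 + build_header(0x20, 34), 4500),
    ]
    for pkt, port in samples:
        print(port, parse_ike_header(pkt, port))
```
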
