[Openswan Users]

Shalini Tadimeti shalinitadimeti at yahoo.co.in
Wed May 10 12:47:51 CEST 2006



Is there no way that I can authenticate the client
machine on the basis of my own set of parameters,
which are defined in a file, for the establishment of
the IPSEC? I want this authentication for the
establishment of IPSEC. That is, data should be sent
before Security Association is established.
 
--- Norman Rasmussen <norman at rasmussen.co.za> wrote:

> On 5/10/06, Shalini Tadimeti <shalinitadimeti at yahoo.co.in> wrote:
> > What if we want to send whole file containing parameters about the
> > client machine such as version name and stuff like that. XAUTH can be
> > used only for username and password, but I want to send lot more data
> > for the authentication purpose through that file. That is where I am
> > stuck. I have thought about using payloads, but even that doesn't seem
> > to be the right solution.
> > Can we use either identification payload or private use payload for
> > this purpose?
> 
> Then perhaps the best way to do this, would be to establish a full
> ipsec connection, allowing the client to only connect to an
> authentication server inside your network.  Then the data can be sent
> in whatever format you want.  Once the auth server determines that
> the client is allowed access to other resources, it can change
> firewall rules to allow this.
>
> This is intentionally similar to what MS are starting to support with
> their VPN connections - i.e. connected, but in a quarantine zone where
> they can't access the network until they prove they're safe.
> 
> --
> - Norman Rasmussen
>  - Email: norman at rasmussen.co.za
>  - Home page: http://norman.rasmussen.co.za/
> 
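
The quarantine arrangement described in the quoted reply, sketched as firewall rules. This is an added example, not part of the original thread or of Openswan: the client address pool, the authentication server's address and port, and the chain name are all assumptions, and the script only prints the iptables commands unless IPT=iptables is set.

```shell
#!/bin/sh
# Added example: quarantine firewalling for freshly connected IPsec clients.
# Every address, port and chain name below is a constructed assumption.
VPN_PREFIX="10.99.0."             # assumed /24 pool handed to VPN clients
VPN_NET="${VPN_PREFIX}0/24"
AUTH_SRV="192.0.2.10"             # assumed internal authentication server
AUTH_PORT="8443"                  # assumed port the client sends its file to
CHAIN="VPN_QUARANTINE"
IPT="${IPT:-echo iptables}"       # dry run by default; IPT=iptables applies

# Build the quarantine: VPN clients may reach only the auth server.
quarantine_setup() {
    $IPT -N "$CHAIN"
    # Only packets that were really decrypted by IPsec enter the chain
    # (policy match; assumes the kernel's native IPsec stack).
    $IPT -A FORWARD -s "$VPN_NET" -m policy --dir in --pol ipsec -j "$CHAIN"
    # The same source range arriving in the clear is spoofed: drop it.
    $IPT -A FORWARD -s "$VPN_NET" -j DROP
    $IPT -A "$CHAIN" -d "$AUTH_SRV" -p tcp --dport "$AUTH_PORT" -j ACCEPT
    $IPT -A "$CHAIN" -j DROP
}

# Accept only a dotted quad inside the VPN pool; the address comes from the
# auth server's decision and must never reach the rule unvalidated.
valid_client() {
    case $1 in
        ''|*[!0-9.]*|*..*|*.|*[0-9][0-9][0-9][0-9]*) return 1 ;;
        "$VPN_PREFIX"*) ;;
        *) return 1 ;;
    esac
    last=${1#"$VPN_PREFIX"}
    case $last in *.*) return 1 ;; esac
    [ "$last" -ge 1 ] && [ "$last" -le 254 ]
}

# After the auth server approves a client: lift it out of quarantine.
admit_client() {
    valid_client "$1" || { echo "rejecting client address: $1" >&2; return 1; }
    $IPT -I "$CHAIN" 1 -s "$1" -j ACCEPT
}

# When the tunnel goes down: the next holder of the address starts quarantined.
revoke_client() {
    valid_client "$1" || return 1
    $IPT -D "$CHAIN" -s "$1" -j ACCEPT
}

if [ "${1:-}" = "--demo" ]; then quarantine_setup; admit_client "${VPN_PREFIX}7"; fi
```

Because the chain ends in DROP and admission is a per-address insert at position 1, removing that one rule returns the client to quarantine without touching anyone else.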
