[Openswan Users]
Shalini Tadimeti
shalinitadimeti at yahoo.co.in
Wed May 10 12:47:51 CEST 2006
Is there no way that I can authenticate the client
machine on the basis of my own set of parameters,
which are defined in a file ,for the establishment of
the IPSEC.I want this authentication for the
establishment of IPSEC.That is , data should be sent
before Security Association is established.
--- Norman Rasmussen <norman at rasmussen.co.za> wrote:
> On 5/10/06, Shalini Tadimeti
> <shalinitadimeti at yahoo.co.in> wrote:
> > What if we want to send whole file containing
> > parameters about the client machine such as
> version
> > name and stuff like that.XAUTH can be used only
> for
> > username and password, but I want to send lot more
> > data for the authentication purpose through that
> file.
> > That is where I am stuck.I have thought about
> using
> > payloads, but even that doesnt seem to be the
> right
> > solution.
> > Can we use either identification payload or
> private
> > use payload for this purpose?
>
> Then perhaps the best way to do this, would be to
> establish a full
> ipsec connection, allowing the client to only
> connect to an
> authentication server inside your network. Then the
> data can be sent
> in whatever format you want. Once the auth server
> determines that
> the client is allowed access to other resources, it
> can change
> firewall rules to allow this.
>
> This is intentionally similar to what MS are
> starting to support with
> their VPN connections - i.e. connected, but in a
> quarantine zone where
> they can't access the network until they prove
> they're safe.
>
> --
> - Norman Rasmussen
> - Email: norman at rasmussen.co.za
> - Home page: http://norman.rasmussen.co.za/
>
__________________________________________________________
Yahoo! India Answers: Share what you know. Learn something new.
http://in.answers.yahoo.com
More information about the Users
mailing list