Solved

Can IPsec be setup between Solaris and Windows 2000 server?

Posted on 2003-11-11
6
1,151 Views
Last Modified: 2013-12-05
Hi Guys,
            I need to setup a secure tunnel between some Solaris servers (running Tivoli) and backend Windows 2000 servers (running Domino). I plan to do this using IPsec for authentication and possibly encryption. I have setup IPsec between Windows 2000 servers no problem. However as I am not as clued up on the Solaris admin side.

  I have researched this and what I've read seems to suggest that it 'should' be possible to set this up using Solaris 9 rather than 8 with Windows 2000, as Solaris 8 did not support IKE which Windows requires to negotiate keys (I know pre-shared keys could be used but obviously I don't want to go down that road unless its a last resort).

 So my question has two parts:

A) Is it possble to get Solaris 9 (using the "in.iked" daemon for IKE) talking to Windows 2000 server using IPsec or am I waisting my time?

B) Can this be done using Solaris 8?
0
Comment
Question by:doofry
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
6 Comments
 
LVL 3

Expert Comment

by:cincin77
ID: 9721537
As these are standards, you can absolutely do this. Configuring Windows side is explained on the microsoft webpage. Solaris side can be found in the manual pages, i guess.

you should just read a little.

I have even implemented IPSEC between W2K and OS/390 mainframe.

regards.
0
 

Author Comment

by:doofry
ID: 9721571
Cincin77,

Thanks, I don't have any probs implementing this on W2K, but have heard that a lot of people have found it tricky getting Solaris to W2K correctly (W2K's IPsec implementation being the problem not Solaris - Just thought I'd clarify that so I don't get flamed by Unix Gurus ;)  ).

  I'd like to hear an answer from someone that has actually implemented such a setup, explaining any pitfals they found before I add this to my project plan.
0
 
LVL 3

Expert Comment

by:cincin77
ID: 9721595
then why dont you try and see?
for the W2K side, check:
Microsoft Knowledge Base Article - 252735
http://support.microsoft.com/default.aspx?scid=KB;EN-US;q252735&

Also goole rulez:))
www.google.com
0
 
LVL 3

Accepted Solution

by:
nonsence earned 500 total points
ID: 9721637
here's something for you

interoperability of IPSec between solaris 8 and win2k
http://www.sandelman.ottawa.on.ca/ipsec/2002/02/msg00004.html

Configuring IPSec and Ike on Solaris, Part Two
http://www.securityfocus.com/infocus/1625

Configuring IPsec/IKE on Solaris, Part One
http://www.securityfocus.com/infocus/1616

Configuring IPsec and IKE on Solaris, Part Three
http://www.linuxsecurity.com/articles/documentation_article-5766.html
0
 

Author Comment

by:doofry
ID: 9732491
Someone out there must have tried setting up IPsec between Solaris 8 and Windows 2000. If so how did you configure the protocol at each end as Solaris 8 does not do automatic IKE, which Windows 2000 needs (see quote below). Did you manage to use preshared keys or can the in.iked daemon be back ported into Solaris 8?

"Solaris 9
Sun's inclusion of IPsec capabilities in Solaris is a significant step forward in broadening Solaris' functional roles. With Solaris 9 Sun has included additional features and utilities such as ikeadm and in.iked to help system administrators control and tune the Internet Key Exchange (IKE) more completely. The in.iked program provides automated key management for IPsec by implementing IKE authentication using either pre-shared keys, certificates or signatures; authentication protection and Diffie-Hellman key derivation."
0

Featured Post

Ready to trade in that old firewall?

Whether you need to trade-up to a shiny new Firebox or just ready to upgrade from whatever appliance you're using now, WatchGuard has the right appliance for you! Find your perfect Firebox today with appliance sizing tool!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compli…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Course of the Month8 days, 1 hour left to enroll

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question