Why would I need to purchase IPSec client software?

Archived from groups: comp.dcom.vpn (More info?)

I'm looking into buying one of Netgear's Prosafe routers. They offer
VPN client software in addition to the routers
http://www.netgear.com/products/details/VPN01L_VPN05L.php.

Don't Win2k and XP come with IPsec client support? Would I need to
purchase the software in addition to the router to tunnel from a client
into the network served by the router? I'm asking not just for Windows
clients, but I'd also like to set up Linux IPSec clients as well.

Thanks.
4 answers Last reply
More about purchase ipsec client software
  1. Archived from groups: comp.dcom.vpn (More info?)

    The prosafe router is a VPN endpoint , what you need is an IPSEC
    passthrough enabled router if you are going to have a VPN server
    anyways. If the router is the endpoint buy the client it will make
    your life much easier , XP's built in does not work with the Prosafe
    series

    On 12 May 2005 13:34:07 -0700, eel@javabox.com wrote:

    >I'm looking into buying one of Netgear's Prosafe routers. They offer
    >VPN client software in addition to the routers
    >http://www.netgear.com/products/details/VPN01L_VPN05L.php.
    >
    >Don't Win2k and XP come with IPsec client support? Would I need to
    >purchase the software in addition to the router to tunnel from a client
    >into the network served by the router? I'm asking not just for Windows
    >clients, but I'd also like to set up Linux IPSec clients as well.
    >
    >Thanks.
  2. Archived from groups: comp.dcom.vpn (More info?)

    eel@javabox.com writes:
    >I'm looking into buying one of Netgear's Prosafe routers. They offer
    >VPN client software in addition to the routers
    >http://www.netgear.com/products/details/VPN01L_VPN05L.php.

    >Don't Win2k and XP come with IPsec client support? Would I need to
    >purchase the software in addition to the router to tunnel from a client
    >into the network served by the router? I'm asking not just for Windows
    >clients, but I'd also like to set up Linux IPSec clients as well.

    Win2k and WinXP know about IPsec manual key, and L2TP over IPsec
    manual key (or even PPP auth with L2TP), but they don't know anything
    what-so-ever about IKE keying with pre-shared secrets, or X.509 certifcates.

    Most people find entering in your SA, and ESP associations and keys
    all by hand and making sure they match quite a pain. Plus of course,
    that doesn't let you have any sort of re-keying or revokion other
    than shutting down that SA (after you remember which SA is which).
  3. Archived from groups: comp.dcom.vpn (More info?)

    Doug McIntyre wrote:
    > eel@javabox.com writes:
    >
    >>I'm looking into buying one of Netgear's Prosafe routers. They offer
    >>VPN client software in addition to the routers
    >>http://www.netgear.com/products/details/VPN01L_VPN05L.php.
    >
    >
    >>Don't Win2k and XP come with IPsec client support? Would I need to
    >>purchase the software in addition to the router to tunnel from a client
    >>into the network served by the router? I'm asking not just for Windows
    >>clients, but I'd also like to set up Linux IPSec clients as well.
    >
    >
    > Win2k and WinXP know about IPsec manual key, and L2TP over IPsec
    > manual key (or even PPP auth with L2TP), but they don't know anything
    > what-so-ever about IKE keying with pre-shared secrets, or X.509 certifcates.
    >
    > Most people find entering in your SA, and ESP associations and keys
    > all by hand and making sure they match quite a pain. Plus of course,
    > that doesn't let you have any sort of re-keying or revokion other
    > than shutting down that SA (after you remember which SA is which).

    Windows IPSec is very ugly for dial in client style functionality. It
    was really designed for setting up a windows server with local LAN using
    IPSec all controlled with group policy and a corporate certificate
    authority.

    It does work with certificates though only in the lan style environment
    as I mentioned. For most uses over the internet it is inappropriate. I
    have never bothered to do more than a lab implementation just to see how
    ugly it was. The built in L2TP method can work but it has trouble with
    NAT so I have never been able to deploy it, though I could see where it
    might be useful on a restricted basis.

    So, yes the windows built in ipsec support could likely be made to work
    with the Netgear router but it is so inflexible that it's not a
    practical way to implement an IPSEC VPN connection to a desktop PC. You
    don't require the client that netgear sells, if you prefer to use
    another vendors IPSec client you can probably make it work. I have
    heard that support for this client software is not free from Netgear and
    the documentation is not great so you may be disappointed with that
    experience too. I believe many people are using these routers to make
    network to network connections using 2 routers more than the client
    "dialing" into the router type of connection. If you are interested in
    a solution that is good at making VPN gateway to client software
    connections then take a look at the Watchguard X line. They integrate
    the router and the client software very nicely.


    --
    WARNING! Email address has been altered for spam resistance.
    Please remove the -deletethispart-. section before replying directly.
    Mike Drechsler (mike-newsgroup@-deletethispart-.upcraft.com)
  4. Archived from groups: comp.dcom.vpn (More info?)

    davidl@yourmama.com wrote:
    > The prosafe router is a VPN endpoint , what you need is an IPSEC
    > passthrough enabled router if you are going to have a VPN server
    > anyways. If the router is the endpoint buy the client it will make
    > your life much easier , XP's built in does not work with the Prosafe
    > series
    >
    > On 12 May 2005 13:34:07 -0700, eel@javabox.com wrote:
    >
    >
    >>I'm looking into buying one of Netgear's Prosafe routers. They offer
    >>VPN client software in addition to the routers
    >>http://www.netgear.com/products/details/VPN01L_VPN05L.php.
    >>
    >>Don't Win2k and XP come with IPsec client support? Would I need to
    >>purchase the software in addition to the router to tunnel from a client
    >>into the network served by the router? I'm asking not just for Windows
    >>clients, but I'd also like to set up Linux IPSec clients as well.
    >>
    >>Thanks.
    >
    >

    We bought a D-Link DFL-200 VPN "endpoint" router. It works with the
    Windows XP built-in VPN client (PPTP).

    It also works with the GreenBow IPsec client (the only 3rd party client
    that we tried).

    A "side effect" of installing the GreenBow client is that when we use
    the XP client, we can still browse the net (split-tunnel). Normally,
    when VPN'ed with the XP client, you lose access to the net.

    Note - we also looked into buying a Prosafe router, but Netgear didn't
    answer our "20 VPN questions" email. D-Link did, so we bought from them
    - and it works.

    Ed
Ask a new question

Read More

vpn Routers Software Networking