ALL >> Business >> View Article
Using Security Knowledge To Resolve Connectivity Issues
I often have the pleasure of introducing consultants to the mysteries of PKI. It's a subject I like talking about 70-291, and it's also great to be able to solve a problem in five minutes that the communications consultant has been working on for hours or perhaps days. Sometimes I am contracted to solve the problem, and sometimes I answer an inquiry from a reader. The latter was the case in this example. In this example, the problem concerned VPN connections between three sites of the same company. The problem is similar to one you will have to solve when dealing with communications between multiple organizations.
I was told that all three sites used exactly the same hardware and software and were configured in exactly the same manner by local administrators using a centrally prepared instruction sheet. All three sites were part of the same company, but one site had been acquired six months previously. The purpose of the con?nection was to create a site-to-site demand-dial VPN between all three sites using L2TP/IPSec as the communications protocol. The reader told me that the site-to-site ...
... demand-dial VPN between Sites A and B was working just fine, but neither A nor B were able to establish demand-dial connectivity with Site C. This information, plus the requirement for free MCSE PDF questions, was my first indication that the problem was trust related. I told the reader to switch to PPTP and see whether the VPN could be connected. He did, and it was. Here's how I explained why the solution worked.
When L2TP/IPSec is used to secure VPN traffic, both peers (computers on either side of a communication) must be able to present a certificate that the other peer can validate. Each computer sends to its peer a list of the root CAs that it has machine certificates from. If the peer trusts one of the CAs listed, it should be able to validate the certificate presented by its peer. If it trusts none of them, the con?nection cannot be negotiated. When the reader questioned the administrator at Site 3, he found that the site had its own CA hierarchy. He then examined the trusted root CA certificates in the certificate stores of Routerl and Router2 and found, not surprisingly, neither router had a copy of the Site 3 root CA. By sub?stituting PPTP for the VPN protocol, the need for certificates was removed. A better free MCITP PDF questions would have been to develop a trust relationship based on the PKI infrastructure that was present, and that's just what we did next
Add Comment
Business Articles
1. Unveiling The Material Characteristics Of Plastic PartsAuthor: adam.xu
2. Top 5 Beach View Resorts In Chennai For A Memorable Getaway
Author: greenmeadows resort
3. Relationship Counselling Den Haag Brings The Best Chance To Understand Each Other’s Needs!
Author: Angelika Matthias
4. Web Development Company: Guide For Hiring The Best
Author: Sagar Tech
5. Make A Business Website To Get Started Online
Author: Sagar Tech
6. Elevate Your Software Quality With Agile Advisors: Premier Software Testing Consultancy In Dubai, Uae
Author: kohan
7. Affordable Polyester Pleated Mesh From Top Manufacturers
Author: pavitra
8. Empowering Sustainable Development: Agile Advisors As Your Trusted Leed Certification Consultant In Dubai And Uae
Author: kohan
9. Buy Cats Eye Gemstone Online In Ahmedabad
Author: rishabhjains
10. Why Data Destruction And Sanitisation Are Important
Author: Destruction and Sanitisation
11. Stock Market Update: शेयर बाजार में लगातार चौथे हफ्ते बढ़त: क्या तेजी बरकरार रहेगी? जाने इस हफ्ते किन महत्वपूर्ण पहलुओं पर ध्यान देना चाहिए
Author: M Ratlami
12. Perfect Happy New Year Gift For Your Girlfriend Thoughtful Ideas For 2024
Author: MyFlowerTree
13. China Valmax Valve Co., Ltd
Author: China Valmax Valve Co., Ltd.
14. Mastering Clipping Path In Photoshop: A Guide To Precision Editing
Author: Sam
15. Expert Emergency And Cosmetic Dental Care Services For Families And Individuals In St. Louis
Author: Jessica Williams