Security Solutions

Designing Access Controls
Make Decisions about Remote Access (VPN)
Table 3-33. PCU’s Preliminary Decisions for VPN Options

| Factor | Weight | VPN Protocol | Authentication Method | Encryption | Client | Gateway |
|---|---|---|---|---|---|---|
| Security | 3 | Option 1: IPsec with IKE; Option 2: L2TP3/IPsec | Digital certificates | ESP with AES; AH with SHA1 | Any | Any |
| User type and sophistication | 2 | Option 1: PPTP; Option 2: IPsec with IKE | Option 1: EAP-TLS; Option 2: Digital certificates | Option 1: MPPE; Option 2: Any | Option 1: Windows native; Option 2: ProCurve VPN Client with preconfigured policy | Option 1: Windows Server 2000 or 2003; Option 2: Secure Router 7000dl; For either: other vendors (software built into router or firewall; hardware appliance) |
| Administrative workload and IT budget | 2 | IPsec with IKE | Preshared key | Any | ProCurve VPN Client | Secure Router 7000dl |
| Endpoint and administrative control | 1 | Option 1: PPTP; Option 2: L2TP/IPsec | Option 1: MS-CHAPv2; Option 2: Preshared key | Option 1: MPPE; Option 2: Any | For either: Windows native or Mac OS X native | For either: Any that supports PPTP or L2TP/IPsec |
| Existing network infrastructure | 2 | IPsec with IKE | Digital certificates | Any | ProCurve VPN Client | Secure Router 7000dl |
| Total | | IPsec with IKE | Digital certificates | Preferred policy: ESP with AES; AH with SHA1. Other policies to widen support | ProCurve VPN Client, possibly with preconfigured policy | Secure Router 7000dl |