From: Chris Larson (clarson@xxxxxxxx)
Date: Thu Sep 21 2000 - 12:00:30 GMT-3
Can you explain your reasoning why you think you should never use Microsoft
CA? If there are good reasons I would like to know before we deploy.
We are planning to use 2000 Advanced Server with SCEP to scale our IPSEC on
the routers. We will secure by having the root CA off-line and walking the
ROOT Cert to the RA. Also, the CA cert will remain pending until the
security admin issues it to the router. As well, a password is required to
get the cert from the RA, and you cannot get the password without proper
authentication to the website that issues same.
----- Original Message -----
From: "Jason1" <jason1@v-labs.net>
To: "Chris Larson" <clarson@pct3.com>; "Jim Bond" <trycisco@yahoo.com>;
<cisco@groupstudy.com>
Cc: <ccielab@groupstudy.com>
Sent: Wednesday, September 20, 2000 5:31 PM
Subject: Re: CA in IPSec
> I don't think you should ever use MS CA unless your organisation is very
> small and you are very sure that you will never have to cross-certify. Also,
> you will have to determine what you mean by access the corporate network, do
> you mean through web or through normal NT RPC protocol. If so, what version
> of NT are you using? I'm using that if you are even a bit concerned about
> security, then WIN9X is out of the question.
>
>
>
> ----- Original Message -----
> From: "Chris Larson" <clarson@pct3.com>
> To: "Jim Bond" <trycisco@yahoo.com>; <cisco@groupstudy.com>
> Cc: <ccielab@groupstudy.com>
> Sent: Wednesday, September 20, 2000 5:47 AM
> Subject: Re: CA in IPSec
>
>
> > Microsoft Advanced Server has a CA and the resource kit has the SCEP (simple
> > cert enrollment protocol) developed by Cisco. You can use this as a root CA
> > for your organization (or outside your enterprise) to issue certificates to
> > the routers, the Cisco VPN client and the 2000 boxes
> >
> >
> > ----- Original Message -----
> > From: "Jim Bond" <trycisco@yahoo.com>
> > To: <cisco@groupstudy.com>
> > Cc: <ccielab@groupstudy.com>
> > Sent: Wednesday, September 20, 2000 1:49 AM
> > Subject: CA in IPSec
> >
> >
> > > Hello,
> > >
> > > Is there a way to enroll a PC to CA so we can make
> > > sure users only use this system to get into corporate
> > > network from Internet?
> > >
> > > Thanks in advance.
> > >
> > >
> > > Jim
> > >
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:24:59 GMT-3