IPSec and Extranet FAQ

RoyATokeshi
January 30, 2004 8:26 am

Citrix states in their article: CTX124724

CTX124724 - IPSec and Extranet FAQ

This document was published at: http://support.citrix.com/kb/entry.jspa?externalID=CTX124724

Document ID: CTX124724, Created on: Oct 10, 2000, Updated: Apr 23, 2003

Products: Citrix Extranet 2.0

This document answers some frequently asked questions about IPSec interoperability with Citrix Extranet 2.0.

IPSec and Extranet FAQ

What is IPSec?

IPSec is an Internet standard for secure communications. Many routers, firewalls, and VPN products support IPSec, including Citrix Extranet 2.0. Recent operating system releases, including Windows 2000 and Solaris 2.8, also support IPSec.

Why Is IPSec Important?

IPSec can work with existing network applications. Over IPSec, today's ICA Client can communicate securely with a MetaFrame server, without needing to be modified or reconfigured. Other network applications (such as a Web browser) are similarly unaffected.

IPSec is also efficient compared with other VPN technologies because it is part of the TCP/IP protocol stack.

Why Isn't IPSec deployed everywhere today?

Because IPSec is part of the TCP/IP protocol stack - this makes it difficult to retrofit to existing operating systems.

Isn't IPSec Incompatible With Firewalls?

It depends on the firewall configuration. There are two issues here.

• Some firewalls cannot pass IPSec traffic at all; most newer firewalls can, when configured appropriately.

• IPSec is not compatible with Network Address Translation (NAT), which is needed for most firewalls. NAT needs to modify IP packets to replace addresses with the translated addresses. IPSec has secured the IP packets precisely to protect them against any modification.

Which Platforms Does Citrix Extranet 2.0 Support for IPSec?

Citrix Extranet Clients: Windows 9x and Windows NT 4.0

Citrix Extranet Servers: Windows NT 4.0

Why Doesn't Citrix Extranet 2.0 Support IPSec for Windows 2000?

Citrix Extranet implements IPSec in a proprietary way. Because IPSec is already part of Windows 2000, Citrix Extranet would either have to hook into the Windows 2000 IPsec support in some way, or find a way of residing with it.

Citrix is working on a technical solution for a future release of Citrix Extranet that will take advantage of the native IPSec features in Windows 2000 Professional and Windows 2000 Server.

Citrix Extranet IPSec solutions will also be needed for Linux and Solaris. These may or may not be the same as for Windows 2000.

Planned release dates for all of the above are not yet available.

Windows 2000 Already has IPSec. Can I Use This With Citrix Extranet?

No. The Citrix Extranet IPSec is not compatible with any other IPSec.

Does Citrix Extranet 2.0 Have ICSA Certification for its IPSec?

No. The Citrix Extranet IPSec proprietary implementation currently prevents this.



Primary links

Custom Search

User login

Who's new

  • Cachleferah
  • Weedbacuupe
  • vororourn
  • vDonellaCandrah
  • SnnaSusi

Who's online

There are currently 0 users and 4 guests online.

KrissysCorner.com RuthSwensonLaw.com CreativeLizardProductions.com

DISCLAIMER:

None of this has anything to do with us, someone else is responsible for the entire thing, and we have no idea who or why. We do not know anything about it. It may be alien life forms for all we know: we haven't a clue. You cannot blame us for anything that may result from your visit. That was entirely your own personal choice, made by you of your own volition, and without our knowledge. We do not, after all, have any control over you and cannot by any stretch of the imagination be expected to accept or acknowledge, be it legally or morally, any accountability for decisions made by you on an independent basis, utilizing your own free will, and without our intervention. We are therefore in no way, shape, or form answerable to anyone for any consequences arising from the aforementioned or indeed any other actions, similar or otherwise, because it was not us that did, or did not do anything. It is not even remotely our fault, and we are in no way prepared or willing to accept any liability, not even slightly, ever. We are, in fact completely and utterly blameless, in that it is definitely not our concern, and no blame can possibly be laid at our doorstep, even if we had one, the possession of which we hereby reserve as being entirely our own free choice. The onus is not on us at all, and furthermore, never has been. The entire matter is wholly beyond our control, and completely out of our hands, each of which are washed scrupulously clean of the whole business. We are not accountable for anything at all, and we hereby categorically deny all responsibility for all that has ever, or will ever happen. Our innocence is therefore wholly beyond doubt and absolutely unimpeachable, and so cannot, under even the remotest or unlikeliest circumstances, be brought into question. By clicking either on a link on this site, clicking on a link that leads to this site, or by arriving at this site by natural or supernatural means, you are in effect accepting responsibility for the fact that it is all entirely your own fault, down to the most miniscule detail, and that you are wholly accountable for whatever outcome may arise as a consequence of the aforementioned action or actions insofar as they were undertaken personally by you on an entirely voluntary basis and without any persuasion, coercion or influence from any party or parties other than yourself. Don't come sniveling to us, we are only figments of your imagination. I also agree that if I am ever with a contributor to this website during mealtimes I agree to pay for any super-sizing of their meal, or at least a nice dessert or one of those foo-foo drinks with an umbrella or a monkey. By admitting to have seen the worthless spineless drivel on this website (also known as content)

I Agree Wholeheartedly and Without Reservation to the above. (Except maybe for that part about the monkey.)

All Your Base Are Belong To Us.

Soylent Green Is People!

Never make a bet with a Sicilian when Death is on the Line!

No. Really, I do agree.