Client interoperability

By Joel M. Snyder
Network World, 10/01/01

Generally, remote access client interoperability is not a big concern. Most companies have only a small number of remote access gateways and will typically select a single vendor to provide the gateways for their users. The client software provided by the gateway vendor is then the obvious choice for the company.

Two companies have made a business of providing interoperable clients for IP Security (IPSec) access to enterprise networks. Safenet (formerly IRE) sells its Windows-only client in an OEM configuration to many VPN vendors. Network Associates' PGP division offers Windows and Macintosh versions of an IPSec client application. We invited Safenet to come in for a brief interoperability test to see how well things would work.

Results were mixed. In the best case, Nokia and Check Point Software gateways take Safenet as a completely compatible client right out of the starting gate. Some gateways, including those from Nortel, Lucent, Cisco and Secure Computing, required that we make minor changes to our profiles before they would handle Safenet clients properly. Other gateways, such as those from Avaya, Microsoft and Hewlett-Packard, were unfriendly to foreign clients. They wouldn't work unless the client looked like a gateway with a static IP address, which is not generally useful for remote access client configurations. Finally, other vendors, including Cisco with its PIX entry, the configuration of the system was so restricted that by adding client compatibility we broke site-to-site interoperability.

Back to the main review