Automating IPsec Point to Point Tunnel Configurations and Key Generations in Large Heterogeneous Networks
Automating IPsec Point to Point Tunnel Configurations and Key Generations in Large Heterogeneous Networks
Author(s): Boris Stoyanov, Nikolay MilovanovSubject(s): Economy, ICT Information and Communications Technologies
Published by: Нов български университет
Keywords: IPsec; ESP; VPN; netTransformer; ISAKMP; Java; SNMP
Summary/Abstract: This article presents a practical approach for IPsec tunnel discovery, configuration and maintenance in enterprise networks where an any-to-any encryption is required. The case study is based on a real use case in one of the largest Bulgarian institution, where network administrators had to manually reconfigure all the IPsec neighbors of certain peer in case the security level of the peer got compromised. In addition to that they did not trust of the proprietary technology implemented by the vendor for key exchange so used manual keying. Our team proposed a solution based on netTransformer a tool for IP network discovery and configuration able to discover the current IPsec network topology to communicate and configure through a secured channel the peers, thus automatic the tunnel key configuration and keys replacement and finally to discover and formally verify the state reached by the network after the tunnels being reestablished.
Journal: Computer Science and Education in Computer Science
- Issue Year: 13/2017
- Issue No: 1
- Page Range: 219-231
- Page Count: 13
- Language: English