NC "IPsec-like" functionality?

SOLVED
rhedar_
New Contributor

NC "IPsec-like" functionality?

Hi,

What is meant when Network Connect is described to provide an IPSec-like network tunnel? I know through the configuration UI that it utilizes ESP.

Thanks!

1 ACCEPTED SOLUTION

DanSmart_
Contributor

Re: NC "IPsec-like" functionality?

It is considered IPsec-like, since it uses ESP over UDP, but does not use IKE. Since you must log into the SA first, all key exchange is done over SSL and the ESP is set up over UDP so it can traverse a NAT. Since there's no IKE, it's more consistent connecting over a NAT connection. ESP is higher performance than SSL, but NC will fall back to SSL as a last resort.

-=Dan=-


6 REPLIES
Mrkool_
Super Contributor

Re: NC "IPsec-like" functionality?

I think they mean the thick-client-like access. With Network Connect you can just deploy the thick client that the user can launch. This way the user does not have to use the web browser to log in and then click Network Connect; they can just launch this app, log in, and get Network Connect.
rhedar_
New Contributor

Re: NC "IPsec-like" functionality?

Thanks. I guess I'm more interested in the protocols used by the IPsec suite - AH, ESP, and IKE. Which of these protocols are and aren't used by NC?

Mrkool_
Super Contributor

Re: NC "IPsec-like" functionality?

NC can use ESP and then falls back on NCP.

  • Network Communications Protocol (NCP): Standard NCP has been replaced by oNCP. Windows client applications, including the Secure Meeting Windows client, WSAM, and Terminal Services, fall back to NCP if oNCP fails.
  • Optimized NCP (oNCP): Optimized NCP (oNCP) significantly improves the throughput performance of the client applications over NCP because it contains improvements to protocol efficiency, connection handling, and data compression. Windows client applications, including the Secure Meeting Windows client, WSAM, Network Connect and Terminal Services, use oNCP by default.
  • No ESP, AH or IKE support.

Encryption can be set to:

  • AES128/MD5 (maximize performance)
  • AES128/SHA1
  • AES256/MD5
  • AES256/SHA1 (maximize security)

JintsFan_
Occasional Contributor

Re: NC "IPsec-like" functionality?

If you are looking for IPSec functionality, then I wouldn't suggest an SSL-VPN.

The SSG firewalls are compatible with (almost) any IPSec client. You should look into those.

DanSmart_
Contributor

Re: NC "IPsec-like" functionality?

It is considered IPsec-like, since it uses ESP over UDP, but does not use IKE. Since you must log into the SA first, all key exchange is done over SSL and the ESP is set up over UDP so it can traverse a NAT. Since there's no IKE, it's more consistent connecting over a NAT connection. ESP is higher performance than SSL, but NC will fall back to SSL as a last resort.

-=Dan=-

rhedar_
New Contributor

Re: NC "IPsec-like" functionality?

Thanks! I was wondering how key exchange was handled. So, NC uses ESP over UDP and will fall back to SSL. IKE and AH aren't being used.
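
Added example, not from the thread or from the vendor: a receiver-side check for ESP-over-UDP traffic whose keys come from an already authenticated SSL session rather than IKE, as described in the accepted answer. It assumes the standard ESP layout (SPI, sequence number, payload, HMAC-SHA1-96 ICV); the thread does not document NC's wire format, and all names and sample packets are constructed.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12   # HMAC-SHA1-96: HMAC-SHA1 truncated to 96 bits (the "/SHA1" options)
WINDOW = 64    # anti-replay window, in packets

class SA:
    """Inbound security association. Assumption: the key was delivered over
    the authenticated SSL session, standing in for what IKE would negotiate."""
    def __init__(self, spi, auth_key):
        self.spi, self.auth_key = spi, auth_key
        self.top, self.bitmap = 0, 0   # highest sequence seen; bit n = (top - n) seen

def icv(key, data):
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]

def build_esp(sa, seq, ciphertext):
    """SPI | sequence | opaque ciphertext | ICV (the AES step is out of scope here)."""
    body = struct.pack("!II", sa.spi, seq) + ciphertext
    return body + icv(sa.auth_key, body)

def check_esp(sas, datagram):
    """Receiver-side verdict for one UDP payload carrying ESP."""
    if len(datagram) < 8 + ICV_LEN:
        return "too-short"
    spi, seq = struct.unpack("!II", datagram[:8])
    sa = sas.get(spi)
    if sa is None:
        return "unknown-spi"
    behind = sa.top - seq
    if seq == 0 or (behind >= 0 and (behind >= WINDOW or (sa.bitmap >> behind) & 1)):
        return "replay"    # already seen, or older than the window covers
    body, tag = datagram[:-ICV_LEN], datagram[-ICV_LEN:]
    if not hmac.compare_digest(icv(sa.auth_key, body), tag):
        return "bad-icv"   # window untouched: forgeries cannot advance it
    if behind < 0:         # newer than anything seen: slide the window
        sa.bitmap = ((sa.bitmap << -behind) | 1) & ((1 << WINDOW) - 1)
        sa.top = seq
    else:
        sa.bitmap |= 1 << behind
    return "ok"

if __name__ == "__main__":
    # Constructed sample: sender and receiver hold the same out-of-band key.
    key = b"k" * 20
    tx, rx = SA(0x1001, key), {0x1001: SA(0x1001, key)}
    for seq in (1, 1, 3, 2):
        print(seq, check_esp(rx, build_esp(tx, seq, b"opaque-ciphertext")))
```

The replay window is updated only after the ICV verifies, so an unauthenticated datagram with a high sequence number cannot push legitimate packets out of the window.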