{IPSECvalidate}: A Tool to Validate {IPSEC} Configurations

Reiner Sailer; Arup Acharya; Mandis Beigi; Raymond Jennings; Dinesh Verma

IPSECvalidate: A Tool to Validate IPSEC Configurations

This paper describes a tool for validating the proper configuration of the IPSEC protocol suite including IKE. The tool validates that two hosts are able to communicate (normal ping functionality) and that this communication is occurring using the proper authentication/encryption transformations as required by IPSEC. IPSEC configuration is very complex, and administrators are often unable to determine if a machine configuration is offering the desired protection. IPSEC and IKE operate in a manner transparent to IP applications; an administrator is therefore unable to check the proper operation of an IPSEC ``security association'' using traditional IP tools.

Reiner Sailer, IBM

Arup Acharya, IBM

Mandis Beigi, IBM

Raymond Jennings, IBM

Dinesh Verma, IBM

BibTeX

@inproceedings {270831,
author = {Reiner Sailer and Arup Acharya and Mandis Beigi and Raymond Jennings and Dinesh Verma},
title = {{IPSECvalidate}: A Tool to Validate {IPSEC} Configurations},
booktitle = {15th Systems Administration Conference (LISA 2001)},
year = {2001},
address = {San Diego, CA},
url = {https://www.usenix.org/conference/lisa-2001/ipsecvalidate-tool-validate-ipsec-configurations},
publisher = {USENIX Association},
month = dec
}

Download

Links

Paper:

http://usenix.org/publications/library/proceedings/lisa2001/tech/full_papers/sailer/sailer.pdf

Paper (HTML):

http://usenix.org/publications/library/proceedings/lisa2001/tech/full_papers/sailer/sailer_html/index.html

USENIX Conference Policies