The Basic Conformance test is to see whether or not the tested gateway acts as
a gateway for very basic IPsec operations. To pass, a host on a network
behind the test gateway must reach a web server on a nework behind the
conformance gateway.
When testing, the test gateway initiated and set up a Phase 1 with the
conformance gateway and a phase 2 for the host on the networks behind each
gateway. In IKE Main Mode, the test gateway proposed TripleDES, SHA-1,
MODP group 2 (1024-bit), a
pre-shared secret of "mekmitasdigoat", no PFS, and no rekeying. After
setting up phase 1 and phase 2, the host behind the test gateway went to the
web server on the host behind the conformance gateway and got a short
message there. The test was then repeated on the second conformance
gateway.
The following lists the products that passed. The links after the product
names are to the debugging information generated on each conformance
gateway during the successful test. It is unlikely that this information
is of much value to typical users; however, without it, you have no
proof that the company even tested their products against the
conformance gateways.
On each conformance gateway, the debug output is:
| Company | Product | OpenBSD testing | KAME testing |
| ADTRAN | NetVanta 2000 |
debug, report, outside, inside |
debug, outside, inside |
| Ashley Laurent | BroadWay ISS |
debug, report, outside, inside |
debug, outside, inside |
| Backbone Security.com | Ribcage |
debug, report, outside, inside |
debug, outside, inside |
| Check Point Software | VPN-1 Gateway |
debug, report, outside, inside |
debug, outside, inside |
| Cisco | IOS IPsec |
debug, report, outside, inside |
debug, outside, inside |
| Cisco | VPN 3000 Concentrator |
debug, report, outside, inside |
debug, outside, inside |
| Cryptek | DiamondTEK |
debug, report, outside, inside |
debug, outside, inside |
| CyberGuard | Premium Appliance Firewall family |
debug, report, outside, inside |
debug, outside, inside |
| DigiSAFE | BigBouncer |
debug, report, outside, inside |
debug, outside, inside |
| DigiSAFE | NetProtect |
debug, report, outside, inside |
debug, outside, inside |
| Encore Networks | BANDIT family |
debug, report, outside, inside |
debug, outside, inside |
| Enterasys Networks | Aurorean Virtual Network |
debug, report, outside, inside |
debug, outside, inside |
| Enterasys Networks | XSR Security Router family |
debug, report, outside, inside |
debug, outside, inside |
| eSoft | InstaGate |
debug, report, outside, inside |
debug, outside, inside |
| Hifn | IPSECure |
debug, report, outside, inside |
debug, outside, inside |
| Intoto | iGateway family |
debug, report, outside, inside |
debug, outside, inside |
| Microsoft | Windows 2000 SP1 |
debug, report, outside, inside |
debug, outside, inside |
| NETGEAR | FVL328 |
debug, report, outside, inside |
debug, outside, inside |
| NETGEAR | FVS318 |
debug, report, outside, inside |
debug, outside, inside |
| NetKlass | NetKlass SME100 |
debug, report, outside, inside |
debug, outside, inside |
| NetScreen | NetScreen |
debug, report, outside, inside |
debug, outside, inside |
| Nokia | Nokia VPN |
debug, report, outside, inside |
debug, outside, inside |
| Nortel Networks | Contivity |
debug, report, outside, inside |
debug, outside, inside |
| Quarry Technologies | iQ-series Switches |
debug, report, outside, inside |
debug, outside, inside |
| SafeNet | SafeNet |
debug, report, outside, inside |
debug, outside, inside |
| SafeNet | HighAssurance 2000 Gateway |
debug, report, outside, inside |
debug, outside, inside |
| SnapGear | SnapGear |
debug, report, outside, inside |
debug, outside, inside |
| SSH Communications Security | IPSEC Express |
debug, report, outside, inside |
debug, outside, inside |
| SSH Communications Security | QuickSec Toolkit |
debug, report, outside, inside |
debug, outside, inside |
| SSH Communications Security | SSH Sentinel |
debug, report, outside, inside |
debug, outside, inside |
| Stonesoft | StoneGate |
debug, report, outside, inside |
debug, outside, inside |
| WatchGuard | WatchGuard Firebox Vclass |
debug, report, outside, inside |
debug, outside, inside |
| Wipro Technologies | Wipro Home Gateway |
debug, report, outside, inside |
debug, outside, inside |
If you have comments or questions about VPNC's testing, please feel
free to send them to Paul Hoffman, VPNC's director,
at paul.hoffman@vpnc.org.
