Setting Up a Site-to-Site VPN Connection

Note

The IKE peers (VPN end points) authenticate each other by computing and sending a keyed hash of data that includes the Preshared key. If the receiving peer is able to create the same hash independently by using its Preshared key, it knows that both peers must share the same secret, thus authenticating the customer gateway.

IKE Encryption: The Internet Key Exchange (IKE) policy for phase-1. The supported encryption algorithms are AES128, AES192, AES256, and 3DES. Authentication is accomplished through the Preshared Keys.

Note

The phase-1 is the first phase in the IKE process. In this initial negotiation phase, the two VPN endpoints agree on the methods to be used to provide security for the underlying IP traffic. The phase-1 authenticates the two VPN gateways to each other, by confirming that the remote gateway has a matching Preshared Key.

IKE Hash: The IKE hash for phase-1. The supported hash algorithms are SHA1 and MD5.

IKE DH: A public-key cryptography protocol which allows two parties to establish a shared secret over an insecure communications channel. The 1536-bit Diffie-Hellman group is used within IKE to establish session keys. The supported options are None, Group-5 (1536-bit) and Group-2 (1024-bit).

ESP Encryption: Encapsulating Security Payload (ESP) algorithm within phase-2. The supported encryption algorithms are AES128, AES192, AES256, and 3DES.

Note

The phase-2 is the second phase in the IKE process. The purpose of IKE phase-2 is to negotiate IPSec security associations (SA) to set up the IPSec tunnel. In phase-2, new keying material is extracted from the Diffie-Hellman key exchange in phase-1, to provide session keys to use in protecting the VPN data flow.

ESP Hash: Encapsulating Security Payload (ESP) hash for phase-2. Supported hash algorithms are SHA1 and MD5.

Perfect Forward Secrecy: Perfect Forward Secrecy (or PFS) is the property that ensures that a session key derived from a set of long-term public and private keys will not be compromised. This property enforces a new Diffie-Hellman key exchange. It provides the keying material that has greater key material life and thereby greater resistance to cryptographic attacks. The available options are None, Group-5 (1536-bit) and Group-2 (1024-bit). The security of the key exchanges increase as the DH groups grow larger, as does the time of the exchanges.

195

Page 205
Image 205
Citrix Systems 4.2 manual

4.2 specifications

Citrix Systems, a leading provider of virtualization solutions and cloud computing technologies, released version 4.2 of its popular software, Citrix XenApp, which was previously known as Presentation Server. This version marked a significant evolution in providing users with remote access to applications and desktops, emphasizing simplicity, performance, and security.

One of the standout features of Citrix XenApp 4.2 is its improved application streaming capabilities. This technology allows applications to be delivered to users in real-time, reducing the need for extensive local installations and enhancing the user experience. With application streaming, administrators can efficiently manage applications on a central server while ensuring that users have immediate access to the necessary tools.

Another highlight of this version is the enhanced security measures put in place to protect sensitive data. Citrix XenApp 4.2 includes support for SSL encryption, providing a secure communication channel for data transmitted between the server and clients. This is particularly crucial for businesses that need to comply with strict data protection regulations. Additionally, the integration of endpoint security features ensures that unauthorized access to applications is minimized.

Performance enhancements are also a critical focus in this release. Citrix optimized the delivery of applications over various network conditions, ensuring that users experience minimal latency regardless of their location. This was achieved through the incorporation of SmartAccess and SmartControl technologies, which allow administrators to set policies based on user roles, device types, and network conditions. This level of granularity enables organization-wide security without compromising on usability.

The user experience was further improved with a revamped interface, making it easier for end-users to access their applications and data. Simplified menus, clear navigation paths, and the ability to customize user settings contributed to a more efficient workflow, allowing users to focus on their tasks rather than struggling with the software.

Finally, Citrix XenApp 4.2 was designed to be highly scalable. Organizations of all sizes could deploy this solution to deliver applications efficiently, adapting to their specific needs as their user base grows or changes. This flexibility is crucial for businesses looking to future-proof their IT investments while maintaining optimal performance.

In summary, Citrix XenApp 4.2 stands out with its enhanced application streaming, robust security features, improved performance under varying conditions, user-friendly interface, and scalability, making it an ideal choice for organizations seeking to leverage virtualization for remote access to applications and desktops.