Contact Us | Search



Friday - July 30 2010
   IPSec Toolkit™
Description
Features
Fact Sheet
FAQ
Licensing
Stay Informed

Sign up for company
and product news.
More

IPSec Toolkit, IPSec Library, IPSec sdk

IPSec Protocol Support
Encapsulations: Tunnel, Transport and NAT-T
Transformations: AH, ESP, IPComp
AH: MD5, SHA1
ESP: Encryption: DES, 3DES, AES, BlowFish, NULL-ESP
Authentication: MD5, SHA1
IPComp: Deflate and LZS methods (LZS licensed separately)
Hardware acceleration: NetOctave's NSP2000 CPUs supported
Other: Denial of Service and Man-in-the-Middle attack protection.
Built-in NAT engine for Virtual IP support.
Path MTU Discovery support for IPv4 and IPv6.
Dead tunnel detection support with archiving log-files for staff analysis.
SA exceptions supported, for passing certain traffic (selected by port or IP address) unencrypted.
IKE Protocol Support
Base ISAKMP / Oakley protocols: Main Mode, Aggressive Mode, Quick Mode
Perfect Forward Secrecy (PFS) support for Main Mode and Aggressive Mode
Config Mode for assigning Virtual IPs
Authentication: IP addresses (Pre-shared secrets), RSA signatures, x.509 Digital Certificates, Extended Authentication (XAUTH) v.4 and v.6, ID-KeyID (client mode only), Group Authentication (client mode only)
Sides identification: IP addresses, E-mails, Domain names, ID-KeyID
NAT Traversal: IETF drafts 03 and 02/01
DELETE notifications: Full Support: Phase I and II SAs; send / receive
Other: Manual keying (IKE-less tunnels)
Adjustable Security Associations lifetimes
Performance*
Software Encryption: 3DES: 50Mbit/s
DES: 100Mbit/s
AES: 90Mbit/s
BlowFish: 80Mbit/s
Hardware Encryption: 3DES: 250Mbit/s
DES: 275Mbit/s

*) Tests were conducted on Red Hat Linux 8.0 with 2.4.22 kernel. Test machine configuration: Intel Xeon 2.66GHz in HT mode, 512MB memory in dual-channel mode; D-Link 2000 1Gbit/s network cards. Hardware accelerator used: one NSP2000 unit.

The bandwidth performance data reflects the amount of UDP traffic a test application was able to encrypt in the outgoing direction.

Platform coverage
Windows: 95/98/Me/NT/2000/2003/XP/Vista; 64-bit XP supported
Linux 2.4 kernels, 2.6 kernels
OS/2: Warp 3, Warp 4, WSeB, eComStation 1.x
FreeBSD: 4.7+ support to be announced
IPSec Engine
Simultaneous tunnels: 1000 (can be increased at compile time - tested with 5000+ tunnels)
Run-time operations
VPN Tunnels: Remove, insert, update tunnels
Trigger IKE negotiations, stop IKE negotiations, more...
Statistics: Tunnel usage (activity and traffic), user statistics. More technical statistics available.


  License
  Evaluate


Cisco Systems

"[...] This was to verify that the F/X OS/2 VPN Client is functionally compatible with Cisco IOS and PIX. IPSec features such as mode config and X-Auth were successfully tested with the InJoy VPN Client."

Watson Poon
Cisco Systems



"The InJoy products enable Contivity to extend its IPSec client support beyond the traditional base of MS-Windows users, allowing a larger community of users to benefit from Contivity's VPN capabilties."

Jonathan Lewis
Contivity Product Manager
Nortel Networks


Home   |    Company   |    Technology   |    Products   |    Support   |    News
The InJoy Firewall™, InJoy Dialer™, FX IPSec Toolkit™,
and the IPAPI Packet Intercepting/NDIS Toolkit™ are registered trademarks of F/X Communications.
Copyright © 1996-2007 F/X Communications. All Rights Reserved.