Don’t Worry, IPv6 Won’t Break Your Existing IPsec VPN, Part 2

Posted: October 27, 2011 in IPsec, IPv6, Rethink Remote Access

Editor’s Note: For part one, click here.

By Daniel P. Dern

So, how does a company add IPv6 support? “Your operating systems have to be IPv6-ready,” said Rainer Enders, CTO, Americas, for NCP engineering. “Your network providers have to support IPv6, in a secure way. Check whether they support native IPv6 end-to-end, for a full backbone if possible, as opposed to ‘split tunneling’ – we feel the latter is not a good idea and have concerns about that approach. Some ISPs are already rolling out pure native IPv6, especially for business-class service, and some will soon also be doing this on the consumer side.”

Split tunneling is when a VPN user accesses a public network and a LAN or WAN at the same time, using the same network connection. The public network, however, can pose a threat to the LAN or WAN if it becomes vulnerable.

If IPv6 isn’t available end-to-end within your enterprise, “We recommend staying with IPv4 for now,” says Enders. “This is some of why IPv6 is slow to roll out. And you have to make sure all the relevant components are fully IPv6-compliant.”

Meanwhile, advises Enders, “If I were shopping for an IPsec or VPN technology, I would look for a vendor that offers a true dual-stack implementation of IPv6 and IPv4, so you are future-proofed. And the same applies when you have a refresh cycle — make sure you are getting true native support for IPv6.”

This provisioning includes any broadband gateways that home or remote users are getting, and also desktop operating systems. (Note: Both Windows 7 and MacOS include IPv6 support. However, this does not guarantee that applications will work with IPv6.)

Steven J. Vaughan-Nichols, editor-in-chief of Practical Technology and independent contributor to publications including IEEE Spectrum and ZDnet, says, “IPv6 will make IPsec more popular than ever. After all, IPsec runs on IPv6. So, if you’re using IPsec-based VPNs today, one worry you’re not going to have about migrating to IPv6 is replacing or tuning IPsec. It’s already baked in.”

Daniel P. Dern is a freelance technology writer based in Newton Center, MA. You can read more of his work at his website or technology blog.
