RSA Laboratories

5.1.3 What is S/WAN?

The S/WAN (Secure Wide Area Network, pronounced "swan") was an initiative to promote the widespread deployment of Internet-based Virtual Private Networks (VPNs). This was accomplished by adopting a standard specification for implementing IPSec, the security architecture for the Internet Protocol (see Question 5.1.4), thereby ensuring interoperability among firewall and TCP/IP products. The use of IPSec allows companies to mix-and-match the best firewall and TCP/IP stack products to build Internet-based VPNs. Currently, users and administrators are often locked in to single-vendor solutions network-wide, because vendors have been unable to agree upon the details of an IPSec implementation. The S/WAN effort should therefore remove a major obstacle to the widespread deployment of secure VPNs.

S/WAN supported encryption at the IP level, which provides more fundamental and lower-level security than higher-level protocols, such as SSL (see Question 5.1.2). It was expected that higher-level security specifications, including SSL, would be routinely layered on top of S/WAN implementations, and these security specifications would work together.

While S/WAN is no longer an active initiative, there are other related ongoing projects such as Linux FreeS/WAN ( and the Virtual Private Network Consortium (VPNC; see Linux FreeS/Wan is a free implementation of IPSec and IKE (Internet Key Exchange) for Linux, while VPNC is an international trade association for manufacturers in the VPN market.

Top of the page