| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW1] IPSEC
Bob,
In the older versions of firewall, there was an option for Manual IPSEC. Before you
can select it, you must go to Manage-SPI(security parameters index) and create a
manual key. If you are wanting to do current (more safe) IPSec, then you just need
to activate ISAKMP/Oakley.
IPSec now consists of two primary pieces:
1) a well defined key exchange mechanism which got most of its origins in
ISAKMP/Oakley.
2) a well defined mechanism for exchaning transform type (DES+Sha1, or Des+MD5, or
3DES+Sha1, and so on...)
So when you refer to an IPSec VPN in today's terms, you refer to IKE, or ISAKMP
(older designation which is still mostly compatible.)
If you require more details, lemme know, but I would suggest that you select isakmp
for your IPSec needs, and no Manual IPSEC.
Regards,
CryptoTech
"Bob Metoudi (QSF)" wrote:
> HI all,
> I have a Firewall 1 (v4.0) licence with the encryption module ("controlx,
> vpn..." in the "features"), I can see in my GUI all the encryption protocol
> (FWZ, SKIP,ISAKMP) except IPSEC. I can't configure a vpn with IPSEC.
> I thought that the encryption module will provide all encryptions protocols
> described in Checkpoint tec docs.
> Should I have to configure a specifc file to make IPSEC available or is it a
> problem of licences?
> Thanks for your answers
> Bob
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
|
|
