NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] IKE Phase 2 delays before VPN forms



Hi,

I'm currently bringing up IKE encryption to complement FWZ encryption to
end-users and I'm seeing a slow phase 2 completion message.

Auth goes something like this

Connect at IP level
Telnet to a host in the encryption domain.
SecureClient pops up, enter credentials and hit return
Firewall logs RADIUS event
Firewall logs phase 1 with correct encryption etc.

< Delay > - about 1 minute if 3DES and DES enabled, shorter if only DES

After the delay, phase 2 completion recorded

Repeating the telnet at this point connects to the machine in the encryption
domain.


Checkpoint are trying to tell me that this is "normal" but it seems a little
suspect to me.

Can anyone else who's using IKE on CP2000 SP2 (preferably with Hybrid
authentication) confirm what sort of authentication delays they are seeing.

Note that the same system on FWZ results in a 1-2 second logon which is
fine.

Cheers

Tim
************************************************************************
The information in this email is confidential and is intended solely
for the addressee(s).
Access to this email by anyone else is unauthorised. If you are not
an intended recipient, you must not read, use or disseminate the
information contained in the email.
Any views expressed in this message are those of the individual sender,
except where the sender specifically states them to be the views of
The Capital Markets Company.

http://www.capco.com
***********************************************************************



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.