[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] RE: IKE Phase 2 delays before VPN forms
Tim, I'll bite...but you may have already found the solution. Warning, not doing hybrid yet. What is the default encryption scheme on your SecureRemote client? See Tools->Encryption Scheme and check IKE. Does this help at all? Robert - - Robert P. MacDonald, Network Engineer Team Lead, e-Business Infrastructure G o r d o n F o o d S e r v i c e Voice:email: [email protected] >>> Chilton Tim <[email protected]> 12/8/00 10:24:20 AM >>> > >REPOST > >No takers ? > >I assume that nobody is using IKE for SecureClient/SecureRemote ? > >Cheers >Tim > >-----Original Message----- >From: Chilton Tim >Sent: 07 December 2000 17:20 >To: [email protected] >Subject: IKE Phase 2 delays before VPN forms > >Hi, > >I'm currently bringing up IKE encryption to complement FWZ encryption to >end-users and I'm seeing a slow phase 2 completion message. > >Auth goes something like this > >Connect at IP level >Telnet to a host in the encryption domain. >SecureClient pops up, enter credentials and hit return >Firewall logs RADIUS event >Firewall logs phase 1 with correct encryption etc. > >< Delay > - about 1 minute if 3DES and DES enabled, shorter if only DES > >After the delay, phase 2 completion recorded > >Repeating the telnet at this point connects to the machine in the encryption >domain. > >Checkpoint are trying to tell me that this is "normal" but it seems a little >suspect to me. > >Can anyone else who's using IKE on CP2000 SP2 (preferably with Hybrid >authentication) confirm what sort of authentication delays they are seeing. > >Note that the same system on FWZ results in a 1-2 second logon which is >fine. > >Cheers >Tim ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|