Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] RE: IKE Phase 2 delays before VPN forms

To: <[email protected]>, <[email protected]>
Subject: [FW1] RE: IKE Phase 2 delays before VPN forms
From: "Robert MacDonald" <[email protected]>
Date: Sun, 10 Dec 2000 10:39:20 -0500
Sender: [email protected]

Tim, I'll bite...but you may have already found
the solution. Warning, not doing hybrid yet.

What is the default encryption scheme on your
SecureRemote client? See Tools->Encryption
Scheme and check IKE. Does this help at all?

Robert

- -
Robert P. MacDonald, Network Engineer
Team Lead, e-Business Infrastructure
G o r d o n   F o o d    S e r v i c e
Voice:email: [email protected]

>>> Chilton Tim <[email protected]> 12/8/00 10:24:20 AM >>>
>
>REPOST
>
>No takers ?
>
>I assume that nobody is using IKE for SecureClient/SecureRemote ?
>
>Cheers
>Tim
>
>-----Original Message-----
>From: Chilton Tim 
>Sent: 07 December 2000 17:20
>To: [email protected] 
>Subject: IKE Phase 2 delays before VPN forms
>
>Hi,
>
>I'm currently bringing up IKE encryption to complement FWZ encryption to
>end-users and I'm seeing a slow phase 2 completion message.
>
>Auth goes something like this
>
>Connect at IP level
>Telnet to a host in the encryption domain.
>SecureClient pops up, enter credentials and hit return
>Firewall logs RADIUS event
>Firewall logs phase 1 with correct encryption etc.
>
>< Delay > - about 1 minute if 3DES and DES enabled, shorter if only DES
>
>After the delay, phase 2 completion recorded
>
>Repeating the telnet at this point connects to the machine in the encryption
>domain.
>
>Checkpoint are trying to tell me that this is "normal" but it seems a little
>suspect to me.
>
>Can anyone else who's using IKE on CP2000 SP2 (preferably with Hybrid
>authentication) confirm what sort of authentication delays they are seeing.
>
>Note that the same system on FWZ results in a 1-2 second logon which is
>fine.
>
>Cheers
>Tim




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: Re: [FW1] New CheckPoint 4-1 Installation on Sun-E250
Next by Date: [FW1] port mapping ?
Previous by thread: [FW1] RE: IKE Phase 2 delays before VPN forms
Next by thread: [FW1] Web Server FW Rules???
Index(es):
- Date
- Thread