Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] IKE VPN FW-1 <> Cisco

To: Jim Sweeting <[email protected]>
Subject: Re: [FW1] IKE VPN FW-1 <> Cisco
From: CryptoTech <[email protected]>
Date: Mon, 11 Dec 2000 10:38:28 -0500
Cc: jeff Crawley <[email protected]>, [email protected]
References: <372971931B8ED2118CCF0090271E0CFB761EC0@prelude.akl.optimation.co.nz>
Sender: [email protected]

Unfortunately, the book is incorrect.  It actually would indicate that the VPN-1 is
incapable of using 3DES for data exchange, which can be proven incorrect by setting
FWIKE_DEBUG = 1 and restarting FW or SR/SC.  You will then see in the logs the
transforms for phase 1 and phase 2 of ike.

Yeah Jim, I guess somebody needs to do some QA on the documentation....

Cheers,
CT

Jim Sweeting wrote:

> Jeff,
>
> I might be wrong about this but according to the definition of IKE / IPSEC
> in the Checkpoint 2000 VPN manual (page 16). 3DES is used for the initial
> key negotiation and then DES is used for encrypting the actual traffic.
>
> Jim
>
>  -----Original Message-----
> From:   CryptoTech [mailto:[email protected]]
> Sent:   Saturday, 9 December 2000 12:00 p.m.
> To:     jeff Crawley
> Cc:     [email protected];
> [email protected]; [email protected]
> Subject:        Re: [FW1] IKE VPN FW-1 <> Cisco
>
> Jeff,
> Is 3DES enabled on the firewall module VPN->IKE->transforms box under manage
> network
> objects.
>
> CryptoTech
>
> jeff Crawley wrote:
>
> > Thanks to the guys that answered my question.
> >
> > With your help I have got this running. One thing I want to add though.
> >
> > In the Encryption action of the rule I only have the option to set DES and
> > not 3DES. This is what was holding us up. The Cisco was set for 3DES in
> > phase 2.
> >
> > Is there no option for 3DES in phase2?
> >
> > Once again Guys, Thanks
> >
> > Jeff
> >
> ____________________________________________________________________________
> _________
> > Get more from the Web.  FREE MSN Explorer download :
> http://explorer.msn.com
> >
> >
> ============================================================================
> ====
> >      To unsubscribe from this mailing list, please see the instructions at
> >                http://www.checkpoint.com/services/mailing.html
> >
> ============================================================================
> ====
>
> ============================================================================
> ====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ============================================================================
> ====
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- RE: [FW1] IKE VPN FW-1 <> Cisco
  - From: Jim Sweeting <[email protected]>

Prev by Date: Re: [FW1] port mapping ?
Next by Date: [FW1] Load balancing vs. FW state
Previous by thread: RE: [FW1] IKE VPN FW-1 <> Cisco
Next by thread: [FW1] FW: ftp problem using win client and CVP
Index(es):
- Date
- Thread