[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] IKE VPN FW-1 <> Cisco
Unfortunately, the book is incorrect. It actually would indicate that the VPN-1 is incapable of using 3DES for data exchange, which can be proven incorrect by setting FWIKE_DEBUG = 1 and restarting FW or SR/SC. You will then see in the logs the transforms for phase 1 and phase 2 of ike. Yeah Jim, I guess somebody needs to do some QA on the documentation.... Cheers, CT Jim Sweeting wrote: > Jeff, > > I might be wrong about this but according to the definition of IKE / IPSEC > in the Checkpoint 2000 VPN manual (page 16). 3DES is used for the initial > key negotiation and then DES is used for encrypting the actual traffic. > > Jim > > -----Original Message----- > From: CryptoTech [mailto:[email protected]] > Sent: Saturday, 9 December 2000 12:00 p.m. > To: jeff Crawley > Cc: [email protected]; > [email protected]; [email protected] > Subject: Re: [FW1] IKE VPN FW-1 <> Cisco > > Jeff, > Is 3DES enabled on the firewall module VPN->IKE->transforms box under manage > network > objects. > > CryptoTech > > jeff Crawley wrote: > > > Thanks to the guys that answered my question. > > > > With your help I have got this running. One thing I want to add though. > > > > In the Encryption action of the rule I only have the option to set DES and > > not 3DES. This is what was holding us up. The Cisco was set for 3DES in > > phase 2. > > > > Is there no option for 3DES in phase2? > > > > Once again Guys, Thanks > > > > Jeff > > > ____________________________________________________________________________ > _________ > > Get more from the Web. FREE MSN Explorer download : > http://explorer.msn.com > > > > > ============================================================================ > ==== > > To unsubscribe from this mailing list, please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > > ============================================================================ > ==== > > ============================================================================ > ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ > ==== > > ================================================================================ > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================================================ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|