
RE: [FW1] Hybrid Mode IKE with RADIUS



This is the beginning of the steps necessary to set up an internal CA.

"o=boston, c=us" is the top of a directory tree being created for internal
use.  "c" is the country object and "o" is organization object (with
respective attribute values).  What you would be doing here is setting your
directory up in an X.500 manner such that your DN would be o=NetDoktor, c=uk.
Alternatively, you could use a DNS-like approach and simply go with:

fw internalca create -dn "o=netdoktor.com"

If you're not ready to or interested in using LDAP in your shop you could
safely go with either approach.  If you have an LDAP initiative underway,
check with the directory architects and follow whatever they are doing.

Chris

-----Original Message-----
From: Richard Marshall [mailto:[email protected]]
Sent: Tuesday, June 19, 2001 11:19 AM
To: [email protected]
Subject: [FW1] Hybrid Mode IKE with RADIUS


Hello.

I know that this topic has been discussed before, and I have read the
document on the Check Point site but I am still very confused.

I need to set up SecuRemote authentication with Hybrid Mode IKE using
RADIUS.

Firstly, the Check Point document says
'fw internalca create -dn "o=boston, c=us"' with a comment saying to select
your own DN name.
What does the -dn switch do? I am assuming that o=mgmnt server and
c=firewall object, but am not sure of this either. We are using a firewall
cluster, so should 'c' be the cluster name or should the command be run for
each 'wall? 

Secondly, what does 'Select your own DN name (LDAP format)' mean?

I have run this command and come back with the error 'internal CA already
exist' and to use the -force switch to override this. I do not want to do
this in case I break the existing internal VPN between the firewalls.

Does anyone have any pointers on what I need to do to make this work?

TIA
Richard Marshall 
Network Systems Analyst 
NetDoktor 
Tel: + 44 20 7681 8470 
Mobile: + 44 7980 865 306 
MSN Messenger: richiemarshall
E-mail: [email protected]
http://www.netdoktor.com
----------------------- 

