[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Hybrid Mode IKE with RADIUS
This is the beginning of the steps necessary to set-up an internal CA. "o=boston, c=us" is the top of a directory tree being created for internal use. "c" is the country object and "o" is organization object (with respective attribute values). What you would be doing here is setting your directory up in a x.500 manner such that your dn would be o=NetDoktor, c=uk. Alternatively, you could use a DNS-like approach and simply go with: fw internalca create -dn "o=netdoktor.com" If you're not ready to or interested in using LDAP in your shop you could safely go with either approach. If you have a LDAP initiative underway, check with the directory architects and follow whatever they are doing. Chris -----Original Message----- From: Richard Marshall [mailto:[email protected]] Sent: Tuesday, June 19, 2001 11:19 AM To: [email protected] Subject: [FW1] Hybrid Mode IKE with RADIUS Hello. I know that this topic has been discussed before, and i have read the document on the checkpoint site but I am still very confused. I need to set-up SecuRemote authentication with Hybrid Mode IKE using Radius. Firstly, the Check Point document says 'fw internalca create -dn "o=boston, c=us" with a comment saying to select your own DN name. What does the -dn switch do? I am assuming that o=mgmnt server and c=firewall object, but am not sure of this either. We are using a firewall cluster, so should 'c' be the cluster name or should the command be run for each 'wall? Secondly, what does 'Select your own DN name (LDAP format)' mean? I have run this command and come back with the error 'internal CA already exist' and to use the -force switch to over-ride this. i do not want to do this incase I break the existing internal VPN between the firewalls. Does anyone have any pointers on what I need to do to make this work? TIA Richard Marshall Network Systems Analyst NetDoktor Tel: + 44 20 7681 8470 Mobile: + 44 7980 865 306 MSN Messenger: richiemarshall E-mail: [email protected] http://www.netdoktor.com ----------------------- ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|