Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Amend the DH Group in VPN-1 ver.4.1

To: "Dallas Bishoff" <[email protected]>
Subject: RE: [FW1] Amend the DH Group in VPN-1 ver.4.1
From: "Mark Lai" <[email protected]>
Date: Thu, 2 Aug 2001 12:21:54 +0800
Cc: "Fw-1-Mailinglist" <[email protected]>
Importance: Normal
In-reply-to: <[email protected]>
Reply-to: <[email protected]>
Sender: [email protected]

Hi Dallas,

Thank you very much for your reply. I think ideally it would be the case but
in real life I think it may not be that good. As far as I know the VPN-1
supports DH group 1 & 2 in SP3 & SP4 (I'm not sure on this) but when it
communicate with some other vendors VPN product, then it may be only able to
use just DH group 2. If the opposite device cannot support DH group 2 then
the negotiation would failed. I'm now having this kind of problem and
searching for solution. I know the Cisco PIX firewall support DH5 but the
Checkpoint just make me feel uncomfortable.

Regards,
Mark
ECOMPmerce.com

-----Original Message-----
From: Dallas Bishoff [mailto:[email protected]]
Sent: Thursday, August 02, 2001 11:42 AM
To: [email protected]
Subject: Re: [FW1] Amend the DH Group in VPN-1 ver.4.1


Mark:

As a minimum, all IPSec implementations must support DH 1.  DH2 may be
possible.  DH3 and DH4 are based on elliptic curve, and probably not
supported.  DH5 offers the best security, but is probably not supported, and
is not required by the RFC.

Regards!!!

Dallas


From: "Mark Lai" <[email protected]>
Reply-To: <[email protected]>
To: "Fw-1-Mailinglist" <[email protected]>
Subject: [FW1] Amend the DH Group in VPN-1 ver.4.1
Date: Wed, 1 Aug 2001 16:42:11 +0800


Hello,

Is there anyone knows that how to change the "Diffie-Hellman Group" in VPN-1
ver.4.1 SP4?

or

Can anyone tell me that what "DH Group" is being used in the VPN-1 ver.4.1
SP4? Thanks.

Regards,
Mark
ECOMPmerce.com





============================================================================
====
      To unsubscribe from this mailing list, please see the instructions at
                http://www.checkpoint.com/services/mailing.html
============================================================================
====


_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] Why Not allow AOL ?
Next by Date: [FW1] SecuRemote Client behind a NATed Firewall
Previous by thread: [FW1] Amend the DH Group in VPN-1 ver.4.1
Next by thread: RE: [FW1] Amend the DH Group in VPN-1 ver.4.1
Index(es):
- Date
- Thread