[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Amend the DH Group in VPN-1 ver.4.1
Hi Dallas, Thank you very much for your reply. I think ideally it would be the case but in real life I think it may not be that good. As far as I know the VPN-1 supports DH group 1 & 2 in SP3 & SP4 (I'm not sure on this) but when it communicate with some other vendors VPN product, then it may be only able to use just DH group 2. If the opposite device cannot support DH group 2 then the negotiation would failed. I'm now having this kind of problem and searching for solution. I know the Cisco PIX firewall support DH5 but the Checkpoint just make me feel uncomfortable. Regards, Mark ECOMPmerce.com -----Original Message----- From: Dallas Bishoff [mailto:[email protected]] Sent: Thursday, August 02, 2001 11:42 AM To: [email protected] Subject: Re: [FW1] Amend the DH Group in VPN-1 ver.4.1 Mark: As a minimum, all IPSec implementations must support DH 1. DH2 may be possible. DH3 and DH4 are based on elliptic curve, and probably not supported. DH5 offers the best security, but is probably not supported, and is not required by the RFC. Regards!!! Dallas From: "Mark Lai" <[email protected]> Reply-To: <[email protected]> To: "Fw-1-Mailinglist" <[email protected]> Subject: [FW1] Amend the DH Group in VPN-1 ver.4.1 Date: Wed, 1 Aug 2001 16:42:11 +0800 Hello, Is there anyone knows that how to change the "Diffie-Hellman Group" in VPN-1 ver.4.1 SP4? or Can anyone tell me that what "DH Group" is being used in the VPN-1 ver.4.1 SP4? Thanks. Regards, Mark ECOMPmerce.com ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|