NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] FW-1/VPN-1 with IKE and dynamic passwords how-to?


  • To: [email protected]
  • Subject: Re: [FW-1] FW-1/VPN-1 with IKE and dynamic passwords how-to?
  • From: Iztok Umek <[email protected]>
  • Date: Thu, 8 Nov 2001 13:08:55 -0500
  • Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
  • Sender: Mailing list for discussion of Firewall-1 <[email protected]>
  • Thread-index: AcFod0cEUWP8wI6wTXGONO70ufqlaAACPqLw
  • Thread-topic: [FW-1] FW-1/VPN-1 with IKE and dynamic passwords how-to?

What the problem is that I need IKE (NAT), but IKE with CheckPoint by
defaut doesn't allow s/key (only two options are passwords and cert
keys).

So is IKE with CP client and s/key possible at all?


---
Iztok Umek
Elogex, Inc.
212 S Tryon Street
Charlotte, NC 28281
Phone:Fax:URL: http://www.elogex.com/




> -----Original Message-----
> From: Chris Arnold [mailto:[email protected]]
> Sent: Thursday, November 08, 2001 12:03
> To: 'Mailing list for discussion of Firewall-1'; Iztok Umek
> Subject: RE: [FW-1] FW-1/VPN-1 with IKE and dynamic passwords how-to?
>
>
> You can most certainly use S/KEY for one-time "passwords"
> with SecuRemote. You can also use RSA's SecureID which
> provides a one-time "password" as well.  Additionally, you
> can use LDAP to store user credentials and have VPN-1
> authenticate users against a directory is you purchase and
> install the LDAP Account Management license.
>
> That covers the user side.
>
> Using dynamic credentials for site-to-site tunnels can not be
> done and doesn't make much sense anyway.  Pre-shared secrets
> or digital certs are the only methods available to you (both
> in the encryption tab of a FW object in the policy editor as
> well as, I _believe_, in the IETF standard specification for IKE).
>
> Chris
>
> -----Original Message-----
> From: Iztok Umek [mailto:[email protected]]
> Sent: Thursday, November 08, 2001 10:57 AM
> To: [email protected]
> Subject: [FW-1] FW-1/VPN-1 with IKE and dynamic passwords how-to?
>
>
> Is there any how-to to make VPN-1 (and CP vpn clients) use
> dynamic passwords with IKE encryption?
>
> As far as I figured out you have to define
> usernames/passwords within product itself (static) and can't
> use LDAP or s/key or OPIE or something like that.
>
> Any "how-to's"?
>
> Regards,
>         Iztok
>
> ===============================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.htm> l
>
> ===============================================
>

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.