[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] SecuRemote Session Timeout for IPSEC (using CAPI)
hi all, I've managed to setup SecuRemote VPN1 NG working through an OPSEC PKI. The authentication at the client side is using USB Minikeys from AR which provides the CAPI interface to the SecuRemote. During my testing, I have 2 observations which I hope someone can advise: 1) When the secure IPSEC connection is established, and I'm running 2 telnet and 1 ftp sessions, the SecuRemote icon in my notebook (Win98) shows that it is "idle", instead of the regular envelop opening/closing action. This is obviously not true as the logs on the VPN1 gateway clearly shows that the connections are "decrypt". 2) More importantly, when I removed the USB Minikey token (which contains the IPSEC privatekey and certificate), the secure connections still persist. I've changed all the timeouts (Client Authentication, IKE negotiation, IPSEC negotiation) on the gateway to 5 minutes, but after 30 minutes, my secure connections still persist. In fact, I can even open new secure connections to the servers protected by the VPN1. The only way to stop the connection is to "Erase password" on the SecuRemote, which forces me to re-insert my token, in order to proceed with the authenticated session. Is there some parameter I can set for the SecuRemote to check that the token is still inserted, and kill the connections if otherwise ? Thanks. regards, Teik ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|