Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] IKE over TCP or UDP

To: [email protected]
Subject: Re: [FW-1] IKE over TCP or UDP
From: Chris Tidwell <[email protected]>
Date: Fri, 7 Mar 2003 09:07:07 -0600
Comments: To: zzdeb <[email protected]>
In-reply-to: <[email protected]>
Organization: Check Point Software Technologies
References: <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

zzdeb,

It's primarily for SR/SC behind a NAT device.

In phase1 key exchange if certificates are used some packets can be
quite large resulting in fragmentation.  These particular NAT devices
do not handle fragmented UDP packets well and usually drop them.  To
overcome this IKE over TCP, which enables retransmission and better
handling of fragmented packets.

--

Chris Tidwell
Central Region Security Engineer
Check Point Software Technologies(V)(F)

http://www.checkpoint.com

WE SECURE THE INTERNET

* VPN-1 SecuRemote Demo:
        http://www.checkpoint.com/vpndemo/
* Check Point Partner Email:
        http://www.checkpoint.com/partners/list.html
* Technical Support Knowledge Base:
        http://support.checkpoint.com/kb/index.html
* Help Desk:
        http://www.checkpoint.com/operations/
* Public Support Site:
        http://www.checkpoint.com/techsupport/index.html
* Public Configuration Documents:
        http://support.checkpoint.com/service/publisher.asp
* Healthcare Security Information Center:
        http://www.checkpoint.com/products/hipaa/

______________________________________
This message may contain confidential and/or proprietary information,
and is intended only for the person/entity to whom it was originally addressed.
The content of this message may contain private views and opinions which do not
constitute a formal disclosure or commitment unless specifically stated.


Friday, March 7, 2003, 7:54:20 AM, you wrote:

z> Hi!
z> Why to use IKE over tcp instead of IKE over UDP?

z> Thanks


z> __________________________________________________
z> Do You Yahoo!?
z> Everything you'll ever need on one web page
z> from News and Sport to Email and Music Charts
z> http://uk.my.yahoo.com

z> =================================================
z> To set vacation, Out Of Office, or away messages,
z> send an email to [email protected]
z> in the BODY of the email add:
z> set fw-1-mailinglist nomail
z> =================================================
z> To unsubscribe from this mailing list,
z> please see the instructions at
z> http://www.checkpoint.com/services/mailing.html
z> =================================================
z> If you have any questions on how to change your
z> subscription options, email
z> [email protected]
z> =================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

References:
- [FW-1] IKE over TCP or UDP
  - From: zzdeb <[email protected]>

Prev by Date: Re: [FW-1] FP3 Install Problems
Next by Date: Re: [FW-1] transfer rules / policy from one firewall to another
Previous by thread: [FW-1] IKE over TCP or UDP
Next by thread: Re: [FW-1] IKE over TCP or UDP
Index(es):
- Date
- Thread