IKE in VPN-1 takes place the normal way (the proof is that it can work with other implementations ;)).

The first phase is classical, the goal is to build the ISAKMP SA using DH, and a preshared key or a certificate for authentication. The second phase builds the 2 SAs needed for the data exchange.

What can be confusing is that you cannot configure DH on VPN-1, you just have to know that it is group 2 (1024 bits), and it cannot be changed (not from what I know at least). Though DH cannot be configured, you can at least activate PFS, which is of course PFS group 2.

Regards
David

> -----Original Message-----
> From: priya subramanian [SMTP:pentestingat_private]
> Date: Monday, 25 June 2001 07:03
> To: pen-testat_private
> Subject: how IKE works in case of Checkpoint Firewall
>
> In my understanding IKE involves two phases wherein the
> DH keys and the CA keys are exchanged and a secret key
> is derived for encryption.
>
> But when configuring IKE VPN in a Checkpoint firewall
> we do exchange any DH keys.. only a preshared secret
> is directly given. This is really confusing.
>
> Could anyone elaborate on how exactly IKE encryption
> works with Firewall-1
>
> Regards
> Priya
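
The key derivation behind the reply above, as an added example that is not part of the original thread or any Check Point code: it follows RFC 2409 for pre-shared-key authentication over DH group 2, showing that the preshared secret is mixed with a DH exchange that still happens, and how PFS changes phase 2 keying. HMAC-SHA1 as the prf, the function names and all sample values are assumptions made for illustration.

```python
import hashlib, hmac, secrets

# Oakley group 2 (RFC 2409 section 6.2): 1024-bit MODP prime, generator 2
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF", 16)
G = 2

def prf(key, data):
    # HMAC-SHA1 as the negotiated prf: an assumption, the thread names no hash
    return hmac.new(key, data, hashlib.sha1).digest()

def dh_keypair():
    x = secrets.randbelow(P - 3) + 2          # private exponent
    return x, pow(G, x, P)                    # (private, public KE value)

def dh_shared(x, peer_public):
    return pow(peer_public, x, P).to_bytes(128, "big")   # g^xy, padded to 1024 bits

def phase1_keys(psk, g_xy, ni, nr, cky_i, cky_r):
    """RFC 2409 section 5: SKEYID_d / _a / _e for pre-shared key authentication."""
    skeyid = prf(psk, ni + nr)                # the PSK enters here, keyed over both nonces
    tail = g_xy + cky_i + cky_r
    d = prf(skeyid, tail + b"\x00")           # keys later IPsec SAs
    a = prf(skeyid, d + tail + b"\x01")       # authenticates ISAKMP messages
    e = prf(skeyid, a + tail + b"\x02")       # encrypts ISAKMP messages
    return d, a, e

def quick_mode_keymat(skeyid_d, protocol, spi, ni2, nr2, g_qm_xy=b""):
    """RFC 2409 section 5.5: g_qm_xy is non-empty only when PFS is enabled."""
    return prf(skeyid_d, g_qm_xy + bytes([protocol]) + spi + ni2 + nr2)

def exchange(psk_initiator, psk_responder):
    """Constructed run: each peer derives phase 1 keys from its own PSK."""
    xi, pub_i = dh_keypair()
    xr, pub_r = dh_keypair()
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    cky_i, cky_r = secrets.token_bytes(8), secrets.token_bytes(8)
    keys_i = phase1_keys(psk_initiator, dh_shared(xi, pub_r), ni, nr, cky_i, cky_r)
    keys_r = phase1_keys(psk_responder, dh_shared(xr, pub_i), ni, nr, cky_i, cky_r)
    return keys_i, keys_r

if __name__ == "__main__":
    ki, kr = exchange(b"constructed-psk", b"constructed-psk")
    print("matching PSK, same keys:", ki == kr)
    ki, kr = exchange(b"constructed-psk", b"wrong-psk")
    print("mismatched PSK, same keys:", ki == kr)
```

Each of the two phase 2 SAs gets its own key material because the SPI differs per direction, and with PFS a fresh group 2 exchange feeds `g_qm_xy` so that key material no longer depends on SKEYID_d alone.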