[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] IKE/ACE Authenticated Topology downloads for SecuRemote ?

To: 'Jeff Newton' <Jeff_Newton@pmc-sierra.com>, fw1-wizards@phoneboy.com
Subject: RE: [FW1] IKE/ACE Authenticated Topology downloads for SecuRemote ?
From: Dan Hitchcock <danh@xylo.com>
Date: Thu, 2 Nov 2000 09:37:44 -0800
Cc: fw-1-mailinglist@lists.us.checkpoint.com

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]


Nope, you're not missing anything.  Checkpoint support verified that this is
exactly the case.  You cannot download topology using hybrid mode
authentication.

This is lame.

A workaround is to maintain account(s) with shared secret auth and no
network access privileges (done via user groups or in the user definition
itself) strictly for the purpose of topology download.  What I haven't been
able to test is if automatic topology update works with hybrid mode.  I
would expect that it doesn't - anyone?

Dan Hitchcock
CCNA, MCSE
Network Engineer
Xylo, Inc. (formerly employeesavings.com)
425.456.3970
The work/life solution for corporate thought leaders


-----Original Message-----
From: Jeff Newton [mailto:Jeff_Newton@pmc-sierra.com]
Sent: Wednesday, November 01, 2000 4:04 PM
To: fw1-wizards@phoneboy.com
Cc: fw-1-mailinglist@lists.us.checkpoint.com
Subject: [FW1] IKE/ACE Authenticated Topology downloads for SecuRemote?




I've got SecurID authentication to work with IKE for SecuRemote 
sessions but can't seem to use it to do topology/key downloads.  Am I
limited to IKE/shared secret for topology downloads?

Seems silly for Checkpoint to offer hybrid mode, support SecurID for
the session auth and then limit topology downloads to shared secrets?

Am I missing something here?

Cheers, 

----
Jeff Newton
Security Analyst
PMC-Sierra Inc.



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] Securemote installation problem
Next by Date: [FW1] SR over @HOME connection
Prev by thread: RE: [FW1] Securemote installation problem
Next by thread: [FW1] SR over @HOME connection
Index(es):
- Date
- Thread