[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] Hybrid Mode IKE breaking the gateway VPN

To: "Fw-1-Mailinglist (E-mail)" <fw-1-mailinglist@lists.us.checkpoint.com>
Subject: [FW1] Hybrid Mode IKE breaking the gateway VPN
From: Paul Carmichael <pcarmichael@securenet.com.au>
Date: Fri, 3 Nov 2000 17:18:11 +1100

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]


Hi,


I have a strange issue with the implementation of Hybrid Mode IKE.

1/ First running 4.1 SP2 on the Nokia's with NT management server
2/ Gateway to gateway VPN using IKE with pre shared secrets.
3/ Using SecuRemote 4165 works ok.


Next when things go wrong, is when the implementation of Hybrid mode so
users can use Radius Authentication.
1/ Firstly I have followed the IKE implementation document is on the
Checkpoint Web site.
2/ I create the internalca on the management server
3/ After creating the certifcates for each of the firewall objects the
existing gateway to gateway VPN stops working. 

What i can see happening is the gateways are trying to using the
certificates instead of the per shared keys, why is this happening and how
can i stop this? 

What i do not understanding is why implementating hybrid hode IKE interfers
with the gateway VPN ?

If any one could help you assistance would be greatly appreciated. I have
spoken to a number of people at Checkpoint and there "should" not be any
issues. 


thanks

Paul Carmichael
IT Security Engineer
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SecureNet  Ltd
Level 3, 1 James Place,
North Sydney,
NSW 2000 AUSTRALIA

Ph: +61 2 9957 1000     Email: pcarmichael@securenet.com.au
Fx: +61 2 9957 1111     Web : http://www.securenet.com.au
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  



*************************************************************************************
This email message has been swept by MIMEsweeper for the presence of computer 
viruses.
www.mimesweeper.com
*************************************************************************************


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] vmware and SecuRemote
Next by Date: [FW1] SSL to Nokia Box
Prev by thread: [FW1] VRRP and Token Ring Problem
Next by thread: [FW1] SSL to Nokia Box
Index(es):
- Date
- Thread