Penetration Testing mailing list archives
RE: how IKE works in case of Checkpoint Firewall
From: DABDELMO () bouyguestelecom fr
Date: Mon, 25 Jun 2001 15:36:52 +0200
IKE in VPN-1 takes place the normal way (the proof is that it can work with other implementations ;)). The first phase is classical, the goal is to buil the SA ISAKMP using DH, and a preshared key or a certificate for authentication. The second phase build the 2 SAs needed for the data exchange. What can be confusing is that you can not configure DH on VPN-1, you just have to know that it is group 2 (1024 bits), and it can not be changed (not from what I know at least). Though DH can not be configured, you can at least activate PFS, which is of course PFS group 2. Regards David
-----Message d'origine----- De: priya subramanian [SMTP:pentesting () yahoo co in] Date: lundi 25 juin 2001 07:03 À: pen-test () securityfocus com Objet: how IKE works in case of Checkpoint Firewall In my understanding IKE invloves two phases wherin the DH keys and the CA keys are exchanged and a secret key is derived for encryption. But when configuring IKE VPN in a checpoint firewall we do exchenge any DH keys.. only a preshared secret is directly given. This is really confusing. Could anyone elaborate on how exactly IKe encryption works with Firewall-1 Regards Priya ____________________________________________________________ Do You Yahoo!? For regular News updates go to http://in.news.yahoo.com
Current thread:
- how IKE works in case of Checkpoint Firewall priya subramanian (Jun 25)
- Re: how IKE works in case of Checkpoint Firewall Tina Bird (Jun 26)
- <Possible follow-ups>
- RE: how IKE works in case of Checkpoint Firewall DABDELMO (Jun 25)
- RE: how IKE works in case of Checkpoint Firewall DABDELMO (Jun 25)
- RE: how IKE works in case of Checkpoint Firewall DABDELMO (Jun 27)