Penetration Testing mailing list archives

RE: how IKE works in case of Checkpoint Firewall


From: DABDELMO () bouyguestelecom fr
Date: Mon, 25 Jun 2001 17:29:37 +0200

I guess I had another problem last time I tested that, because in fact it
does not necessarily use DH group 2. It can also use group 1. The decision
about the DH group is probably made following the proposals of the IKE peer.
If there is a compatible IKE proposal made with DH group 1 then group 1 is
used, if it is with group 2 then this is group 2. At least it seems to
behave this way.

David

-----Original Message-----
From:    NET2S - ABDELMOULAH, David
Date:    Monday, 25 June 2001 15:37
To:      pen-test () securityfocus com
Subject: RE: how IKE works in case of Checkpoint Firewall

IKE in VPN-1 takes place the normal way (the proof is that it can work with
other implementations ;)). The first phase is classical, the goal is to
build the ISAKMP SA using DH, and a preshared key or a certificate for
authentication. The second phase builds the 2 SAs needed for the data
exchange. What can be confusing is that you cannot configure DH on VPN-1,
you just have to know that it is group 2 (1024 bits), and it cannot be
changed (not from what I know at least). Though DH cannot be configured,
you can at least activate PFS, which is of course PFS group 2.
Regards

David

-----Original Message-----
From:    priya subramanian [SMTP:pentesting () yahoo co in]
Date:    Monday, 25 June 2001 07:03
To:      pen-test () securityfocus com
Subject: how IKE works in case of Checkpoint Firewall

In my understanding IKE involves two phases wherein the
DH keys and the CA keys are exchanged and a secret key
is derived for encryption.

But when configuring IKE VPN in a Checkpoint firewall
we do exchange any DH keys.. only a preshared secret
is directly given. This is really confusing.

Could anyone elaborate on how exactly IKE encryption
works with Firewall-1?

Regards
Priya
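
The DH group discussed in this thread is carried as the Group Description attribute inside each transform of the phase 1 SA payload, so the group a gateway selected can be read from its reply. The following is an added example, not code from the thread or from Check Point: it parses an SA payload laid out per RFC 2408/2409, assuming the IPsec DOI with a 4-byte situation field; the function names and the sample payloads are constructed for illustration.

```python
import struct
GROUP_DESCRIPTION = 4            # phase 1 attribute class, RFC 2409 Appendix A
MODP_BITS = {1: 768, 2: 1024}    # Oakley groups 1 and 2, RFC 2409 section 6

def attrs(data):
    """Decode ISAKMP data attributes (RFC 2408 section 3.3) into {class: value}."""
    out, i = {}, 0
    while i + 4 <= len(data):
        typ, val = struct.unpack_from("!HH", data, i)
        i += 4
        if typ & 0x8000:                       # AF bit set: TV form, val is the value
            out[typ & 0x7FFF] = val
        else:                                  # AF bit clear: TLV form, val is a length
            out[typ] = int.from_bytes(data[i:i + val], "big")
            i += val
    return out

def dh_groups(sa):
    """Return [(transform number, DH group)] for each transform in an SA payload."""
    found, p = [], 12                          # skip generic header, DOI, 4-byte situation
    while p + 8 <= len(sa):
        p_next, _, p_len, _, _, spi_size, _ = struct.unpack_from("!BBHBBBB", sa, p)
        t, p_end = p + 8 + spi_size, min(p + p_len, len(sa))
        while t + 8 <= p_end:
            t_next, _, t_len, t_num, _ = struct.unpack_from("!BBHBB", sa, t)
            if t_len < 8:
                raise ValueError("malformed transform length")
            found.append((t_num, attrs(sa[t + 8:t + t_len]).get(GROUP_DESCRIPTION)))
            t += t_len
            if t_next != 3:                    # 3 = another transform follows
                break
        if p_next != 2 or p_len < 8:           # 2 = another proposal follows
            break
        p += p_len
    return found

def transform(num, last, group):
    # Constructed sample transform: 3DES (5), SHA (2), pre-shared key (1), given group
    body = struct.pack("!8H", 0x8001, 5, 0x8002, 2, 0x8003, 1, 0x8004, group)
    return struct.pack("!BBHBBH", 0 if last else 3, 0, 8 + len(body), num, 1, 0) + body

def sample_sa(pairs):
    # Constructed SA payload: IPsec DOI (1), SIT_IDENTITY_ONLY (1), one ISAKMP proposal
    ts = b"".join(transform(n, i + 1 == len(pairs), g) for i, (n, g) in enumerate(pairs))
    prop = struct.pack("!BBHBBBB", 0, 0, 8 + len(ts), 1, 1, 0, len(pairs)) + ts
    return struct.pack("!BBHII", 0, 0, 12 + len(prop), 1, 1) + prop

offer = sample_sa([(1, 2), (2, 1)])   # initiator proposes group 2, then group 1
reply = sample_sa([(2, 1)])           # responder echoes the one transform it selected
print([(n, g, MODP_BITS.get(g)) for n, g in dh_groups(reply)])
```

Run against the SA payload of a gateway's phase 1 reply, this shows which of the offered groups it accepted; a gateway that accepts a group 1 offer is negotiating 768-bit MODP.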
