RE: how IKE works in case of Checkpoint Firewall

[DABDELMO () bouyguestelecom fr]

IKE in VPN-1 takes place the normal way (the proof is that it can work with
other implementations ;)). The first phase is classical, the goal is to buil
the SA ISAKMP using DH, and a preshared key or a certificate for
authentication. The second phase build the 2 SAs needed for the data
exchange. What can be confusing is that you can not configure DH on VPN-1,
you just have to know that it is group 2 (1024 bits), and it can not be
changed (not from what I know at least). Though DH can not be configured,
you can at least activate PFS, which is of course PFS group 2.
Regards

David

> -----Message d'origine-----
> De:   priya subramanian [SMTP:pentesting () yahoo co in]
> Date: lundi 25 juin 2001 07:03
> À:    pen-test () securityfocus com
> Objet:        how IKE works in case of Checkpoint Firewall
>
> In my understanding IKE invloves two phases wherin the
> DH keys and the CA keys are exchanged and a secret key
> is derived for encryption.
>
> But when configuring IKE VPN in a checpoint firewall
> we do exchenge any DH keys.. only a preshared secret
> is directly given. This is really confusing.
>
> Could anyone elaborate on how exactly IKe encryption
> works with Firewall-1
>
> Regards
> Priya
>
> ____________________________________________________________
> Do You Yahoo!?
> For regular News updates go to http://in.news.yahoo.com