On Thu, Jun 08, 2000 at 10:23:38AM +0000, [EMAIL PROTECTED] wrote:
> My understanding is that many cable modems/routers use proprietary
> encrpytion schemes for the cable modem/router to cable operator Head End
> (INA) that support the NAT functions - I am not sure what happens after it
> has passed onto to general internet though - probably nothing ?
You'd have to get a protocol analyser to see exactly what it did,
if anything.
> a. What is admin overhead of IKE vs FWZ - is it easy to maintain keys at
> client and server end ?
The client end doesn't matter so much. On the server end, it's basically
the same. Unless you use Hybrid authentication, IKE passwords are defined
in the Encryption tab.
> b. I heard that the IKE standard supports 3 modes - 1 of which still only
> has 1 key - or does CP not support this mode ?
I haven't heard this. Keys are negotiated upon first connection.
> c. What impact (apart from waiting forever for the license for 3DES !) does
> 3DES have on admin etc. and how easy is it to transfer from DES-FWZ to
> DES-IKE or 3DES-IKE ?
Depends on the version of binaries you've already got installed. It's
basically an upgrade if not (fw ver should show VPN + DES + STRONG if
you've got the right version). Then, of course, you'll need the licenses.
Note you can do IKE without 3DES as well, you'll just be using DES.
> d. Is LDAP authenication supported across all schemes ?
I believe so, though I don't remember if I tried that.
-- PhoneBoy
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
