Isn't Checkpoint's implementation of ISAKMP/OAKLEY with MD5 checksumming broken in v4.0?

I'm searching around for my notes/references, but can't seem to dig it up.

Robert

- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n F o o d S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]

>>> <[EMAIL PROTECTED]> 6/9/00 8:35:22 AM >>>
>
>You must use "pre-shared secrets" as version 4.0 of cp will not allow any
>other type of auth with IKE except certificates.
>If you need this functionality, move to 4.1/2000 and use hybrid mode auth.
>
>Unfortunately, you might never know this, since CP lets you select it
>anyways...
>
>Thomas Poole
>
>-----Original Message-----
>From: Sam, Garson (CA - Vancouver) [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, June 08, 2000 1:08 PM
>To: [EMAIL PROTECTED]
>Subject: [FW1] Q: Setting Up IKE/ISAKMP Encryption for SecureRemote VPN
>
>
>
>I am currently running FW1 4.0 on NT SP 6a. I have the VPN working under
>the FWZ protocol. However, right now I am trying to get it to work under
>IKE as well.
>
>When I bring up my SecureRemote client, and try to connect to the firewall,
>I get the usual prompt asking for the username and password. I enter this
>information, and there is a long delay, and it says "Communication to site
>_____ has failed". I look in the FW1 log, but there is no instance of any
>encryption or authentication like there is with FWZ. (When I start up my
>computer, there is a log entry about the "ISAKMP Log: FW-1 ISAKMP daemon:
>started".)
>
>I have done 2 things to set up IKE/ISAKMP.
>
>Under the user object (i.e. SecureRemote user),
>Authentication Tab: Authentication Scheme is set to "OS Password"
>Encryption Tab: Both ISAKMP/OAKLEY and FWZ are checked off.
>Properties of ISAKMP/OAKLEY: Authentication Scheme is password (I have
>entered a password).
>    Encryption Properties is "Encryption + Data Integrity", MD5, DES
>(I authenticate with FWZ MD5 DES and it works).
>
>Under the firewall object:
>Authentication Tab: Enabled Schemes: OS Password
>Encryption Tab: Encryption Defined: ISAKMP/OAKLEY and FWZ
>    Encryption Properties for ISAKMP/OAKLEY: DES, MD5. Authentication Method:
>Pre Shared Secret. (There is nothing
>    under "Edit Secrets" -- I am unable to add anything there). Supports
>Aggressive Mode is selected.
>    (Note: Public Key Signatures is unchecked).
>
>On the client computer, I loaded up SecureRemote and set it to try IKE
>before FWZ (so that I can test my ISAKMP encryption).
>
>Does anybody have any suggestions?
>
>Thanks
>
>Garson

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
