Unfortunately, the book is incorrect. It actually would indicate that the VPN-1 is
incapable of using 3DES for data exchange, which can be proven incorrect by setting
FWIKE_DEBUG = 1 and restarting FW or SR/SC. You will then see in the logs the
transforms for phase 1 and phase 2 of ike.
Yeah Jim, I guess somebody needs to do some QA on the documentation....
Cheers,
CT
Jim Sweeting wrote:
> Jeff,
>
> I might be wrong about this but according to the definition of IKE / IPSEC
> in the Checkpoint 2000 VPN manual (page 16). 3DES is used for the initial
> key negotiation and then DES is used for encrypting the actual traffic.
>
> Jim
>
> -----Original Message-----
> From: CryptoTech [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, 9 December 2000 12:00 p.m.
> To: jeff Crawley
> Cc: [EMAIL PROTECTED];
> [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: [FW1] IKE VPN FW-1 <> Cisco
>
> Jeff,
> Is 3DES enabled on the firewall module VPN->IKE->transforms box under manage
> network
> objects.
>
> CryptoTech
>
> jeff Crawley wrote:
>
> > Thanks to the guys that answered my question.
> >
> > With your help I have got this running. One thing I want to add though.
> >
> > In the Encryption action of the rule I only have the option to set DES and
> > not 3DES. This is what was holding us up. The Cisco was set for 3DES in
> > phase 2.
> >
> > Is there no option for 3DES in phase2?
> >
> > Once again Guys, Thanks
> >
> > Jeff
> >
> ____________________________________________________________________________
> _________
> > Get more from the Web. FREE MSN Explorer download :
> http://explorer.msn.com
> >
> >
> ============================================================================
> ====
> > To unsubscribe from this mailing list, please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> >
> ============================================================================
> ====
>
> ============================================================================
> ====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ============================================================================
> ====
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
