in a fully dynamic ipsec, you would check the perfect forward secrecy tab, which
would force renegotiation of the
skey_e
skey_a
and skey_r for rekeying phase 1 and creating the new skey_r for phase 2 SA
renegotiations.
CryptoTech
Dan Hitchcock wrote:
> This is what IKE (Internet Key Exchange) accomplishes. You can set the
> re-keying interval in minutes (it's important to make sure that the peers
> agree on a negotiation interval). 4.1 calls it IKE; earlier versions of FW1
> refer to it as ISAKMP/Oakley.
>
> Hope that helps -
>
> Dan Hitchcock
> CCNA, MCSE
> Network Engineer
> Xylo, Inc.
> 425.456.3970
> The work/life solution for corporate thought leaders
>
> -----Original Message-----
> From: Gus Reyes [mailto:[EMAIL PROTECTED]]
> Sent: Monday, December 11, 2000 2:03 PM
> To: [EMAIL PROTECTED]
> Subject: [FW1] Dynamic IPSEC in Checkpoint VPN
>
> Is there such a thing as dynamic ipsec in CP VPN? I want to implement a VPN
> with another site who is using Alcatel and they want to setup Dynamic IPSEC
> (a method that randomly changes keys - for better security). I don't see
> this function anywhere in CP unless 'seed' means the same thing. Anyone
> know?
>
> Gus
>
> ============================================================================
> ====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ============================================================================
> ====
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
