NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] SecurID Authentication with IKE/3DES tunnel



Title: RE: [FW1] SecurID Authentication with IKE/3DES tunnel

Dan,

        Actually, I have no problems getting ACE authentication to work with SecuRemote.  I was actually being intentionally vague, but perhaps a little too much.  So what I have is hardware based VPN solutions that USE IKE with Strong (3DES) encryption.  Since these boxes are always on and ensure infinite access to the network, I want for the user to have to pre-authenticate their session, and I want it to time out after a specified time.  I have tried Client auth w/ encryption using both ports 259 and 900, but it doesn't seem to stick.  I will not be using session auth, but I have a feeling that there is something that I have missed and that I shouldn't be too far away from inspiration.

        I hope that this extra information helps.

                Thanks,

                        Chad
.
.

-----Original Message-----
From: Dan Hitchcock [mailto:[email protected]]
Sent: Thursday, January 25, 2001 9:05 AM
To: '[email protected]'; '[email protected]'; Mansfield, Chad
Subject: RE: [FW1] SecurID Authentication with IKE/3DES tunnel


To use SecurID with 3DES for SecuRemote authentication, you must configure
Hybrid Mode IKE.  The document for this can be found at
http://support.checkpoint.com/kb/docs/public/securemote/4_1/pdf/hybrid-2-10.
pdf

As for Chad's original question, please repost with more information.  The
default behavior of SecuRemote is to require authentication each time you
connect.  Unless you have enabled SSO, you must enter a password every time
you connect.  If you are referring to a site-to-site VPN, please repost with
more details regarding what you're trying to accomplish.

Dan Hitchcock
Network Engineer

[email protected]
Xylo, Inc.
The work/life solution for corporate thought leaders


-----Original Message-----
From: [email protected]
[mailto:[email protected]]
Sent: Wednesday, January 24, 2001 11:52 PM
To: '[email protected]'; Mansfield, Chad
Subject: Re: [FW1] SecurID Authentication with IKE/3DES tunnel



Am 24 Jan 2001, um 16:23 hat Mansfield, Chad geschrieben:

> All,
>
>             I have a VPN rolled out using IKE/3DES, and I would like to
have
> it so that the distant user must authenticate his connection before any
> traffic will be allowed through the tunnel.  I have tried multiple
methods,
> but I have not been successful in getting it to work.  Basically all of
the
> tunnels are unique, some tunnels are completely open and others are
> restricted by service.  I would appreciate any guidance that you could
> offer.
>
>                         Thanks in advance,
>
>                                     Chad T. Mansfield
>

I have the also the problem to authenticate Securemote-IKE/3DES
user by Securid.  Instead of the authentication scheme (Securid/
Password) from the authenticataion tab allways the password from
the IKE-Properies is used.

Any solutions?

Thanks





Gruß

Peter-Ch. Gentz

i.A. Charite Ref Va Kommunikationsnetze

Tel    030-2802-5223
FAX:   030-2802-3615
EMail: [email protected]



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.