[Openswan Users] CheckPoint Firewall Hybrid Mode

Michael Schwartzkopff misch at multinet.de
Mon Jul 4 17:07:28 CEST 2005

On Monday, 4 July 2005 15:58, mei04014 at fe.up.pt wrote:
> Hi,
> Thanks for your reply, but I don't quite understand you...
> I'm trying to make a tunnel between my Linux box and a Checkpoint Firewall,
> using hybrid method.
> The way hybrid method works, as far as I understood it, is:
> -A phase 1 exchange authenticates the firewall using RSA
> -after that, a Transaction Exchange is initiated by the firewall, protected
> by the IKE SA negotiated in phase 1, and where the user is authenticated.
> -upon successful completion of the exchange the IKE SA can be used for
> other purposes, like Quick mode...
> What I would like to know, and if possible get an example, is if an
> openswan Linux client supports this kind of asymmetric authentication...
> Manuel Gomes

I don't believe that Linux would support such an authentication scheme. But why
don't you just install plain PSK authentication with Linux? Let the others
(Checkpoint SecuRemote, ...) do what they want. Configure a PSK tunnel with
the Linux firewall (or client). It really works.

Dr. Michael Schwartzkopff
MultiNET Services GmbH
Bretonischer Ring 7
85630 Grasbrunn

Tel: (+49 89) 456 911 - 0
Fax: (+49 89) 456 911 - 21
mob: (+49 174) 343 28 75

PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
Skype: misch42