[Openswan Users] CheckPoint Firewall Hybrid Mode
Michael Schwartzkopff
misch at multinet.de
Mon Jul 4 17:07:28 CEST 2005
On Monday, 4 July 2005 15:58, mei04014 at fe.up.pt wrote:
> Hi,
>
> Thanks for your reply, but I don't quite understand you...
>
> I'm trying to make a tunnel between my linux box and a Checkpoint Firewall,
> using hybrid method.
>
> The way hybrid method works, as far as I understood it, is:
> -A phase 1 exchange authenticates the firewall using RSA
> -after that, a Transaction Exchange is initiated by the firewall, protected
> by the IKE SA negotiated in phase 1, and where the user is authenticated.
> -upon successful completion of the exchange the IKE SA can be used for
> other purposes, like Quick mode...
>
> What I would like to know, and if possible get an example, is if an
> openswan linux client supports this kind of asymmetric authentication...
>
> Manuel Gomes
I don't believe that Linux would support such an authentication scheme. But why
don't you just install plain PSK authentication with Linux? Let the others
(Checkpoint SecuRemote, ...) do what they want. Configure a PSK tunnel with
the linux firewall (or client). It really works.
--
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Bretonischer Ring 7
85630 Grasbrunn
Tel: (+49 89) 456 911 - 0
Fax: (+49 89) 456 911 - 21
mob: (+49 174) 343 28 75
PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
Skype: misch42