Tim, I'll bite...but you may have already found
the solution. Warning, not doing hybrid yet.
What is the default encryption scheme on your
SecureRemote client? See Tools->Encryption
Scheme and check IKE. Does this help at all?
Robert
--
Robert P. MacDonald, Network Engineer
Team Lead, e-Business Infrastructure
Gordon Food Service
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>>> Chilton Tim <[EMAIL PROTECTED]> 12/8/00 10:24:20 AM >>>
>
>REPOST
>
>No takers ?
>
>I assume that nobody is using IKE for SecureClient/SecureRemote ?
>
>Cheers
>Tim
>
>-----Original Message-----
>From: Chilton Tim
>Sent: 07 December 2000 17:20
>To: [EMAIL PROTECTED]
>Subject: IKE Phase 2 delays before VPN forms
>
>Hi,
>
>I'm currently bringing up IKE encryption to complement FWZ encryption to
>end-users and I'm seeing a slow phase 2 completion message.
>
>Auth goes something like this
>
>Connect at IP level
>Telnet to a host in the encryption domain.
>SecureClient pops up, enter credentials and hit return
>Firewall logs RADIUS event
>Firewall logs phase 1 with correct encryption etc.
>
>< Delay > - about 1 minute if 3DES and DES enabled, shorter if only DES
>
>After the delay, phase 2 completion recorded
>
>Repeating the telnet at this point connects to the machine in the encryption
>domain.
>
>Checkpoint are trying to tell me that this is "normal" but it seems a little
>suspect to me.
>
>Can anyone else who's using IKE on CP2000 SP2 (preferably with Hybrid
>authentication) confirm what sort of authentication delays they are seeing?
>
>Note that the same system on FWZ results in a 1-2 second logon which is
>fine.
>
>Cheers
>Tim