VPN TROUBLESHOOTING:

REFER: vpn-trouble-shooting.html

Basics: IKE negotiation consists of two phases: Phase I (Main Mode, which is six packets) and Phase II (Quick Mode, which is three packets).

The $FWDIR/log/ike.elg file contains this information (once debugging is enabled). To enable debugging, you need to log in to your firewall and enter the commands "vpn debug on" and "vpn debug ikeon", or "vpn debug trunc". Check Point have a tool called IKEView.exe which parses the information in ike.elg into a GUI, making it easier to view. Note that another useful tool is "vpn debug on mon", which writes all of the IKE captured data into a file, ikemonitor.snoop, which you can open with Wireshark or Ethereal.

PHASE1: negotiates encryption methods (DES/3DES/AES etc.), the key length, the hash algorithm (MD5/SHA1) and creates a key to protect the messages of the exchange.

Peers authenticate using certificates or a pre-shared secret.

Each peer generates a private Diffie-Hellman key from random bits and from that derives a DH public key.

Each peer generates a shared secret from its private key and its peer's public key; this is the DH key.

The peers exchange DH key material (random bits and mathematical data), and methods for Phase II are agreed for encryption and integrity.
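The six-packet Main Mode and three-packet Quick Mode counts above can be checked against captured IKE messages, for example the UDP payloads taken from ikemonitor.snoop. The following is an added example, not Check Point code or part of the original page; the function names are hypothetical, the header layout and exchange-type numbers come from RFC 2408/2409, and the sample messages are constructed.

```python
import struct
from collections import Counter

# ISAKMP header (RFC 2408 section 3.1): two 8-byte cookies, next payload,
# version, exchange type, flags, 4-byte message ID, 4-byte total length.
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
EXCHANGE = {2: "main", 4: "aggressive", 5: "informational", 32: "quick"}
EXPECTED = {"main": 6, "quick": 3}  # packet counts stated in the text


def parse_header(payload: bytes) -> dict:
    """Decode the fixed 28-byte ISAKMP header of one IKEv1 message."""
    if len(payload) < ISAKMP_HDR.size:
        raise ValueError("truncated ISAKMP header")
    icookie, rcookie, _np, ver, xchg, flags, msgid, length = \
        ISAKMP_HDR.unpack_from(payload)
    if length != len(payload):
        raise ValueError("length field does not match payload size")
    return {"icookie": icookie, "rcookie": rcookie, "version": ver,
            "exchange": EXCHANGE.get(xchg, f"unknown({xchg})"),
            "encrypted": bool(flags & 0x01), "msgid": msgid}


def summarize(payloads) -> dict:
    """Count messages per exchange type and flag any incomplete phase.
    Retransmissions are not de-duplicated here, so they inflate the counts."""
    seen = Counter(parse_header(p)["exchange"] for p in payloads)
    return {name: "complete" if seen[name] >= want
            else f"incomplete: {seen[name]} of {want} packets seen"
            for name, want in EXPECTED.items()}


def _msg(xchg, msgid, flags=0, body=b"\x00" * 8, rcookie=b"R" * 8):
    """Build a constructed (not captured) ISAKMP message for the demo."""
    return ISAKMP_HDR.pack(b"I" * 8, rcookie, 1, 0x10, xchg, flags, msgid,
                           ISAKMP_HDR.size + len(body)) + body


# Constructed sample: a full Main Mode exchange (packets 5 and 6 encrypted),
# then a Quick Mode exchange that stops after its first packet.
SAMPLE = ([_msg(2, 0, rcookie=b"\x00" * 8)] + [_msg(2, 0)] * 3
          + [_msg(2, 0, flags=1)] * 2 + [_msg(32, 0x1234ABCD, flags=1)])

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A complete Phase I with an incomplete Phase II, as in this sample, narrows the fault to the Quick Mode negotiation rather than to authentication or the Phase I proposal.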