[VPN] Netscreen SCEP and iPlanet CA
David Klein
dklein at netscreen.com
Wed Feb 19 09:50:46 EST 2003
Yes, this is supported in Global Pro 4.0.0r2. You select "Distinguished
Name" in the Device's "IKE ID's" property settings. You also have to place
the Device's protected resource in a VPN definition with certs selected as
Phase 1 authentication and not pre-shared secret.
Support of 4.0.0DIAL for the NS5xt should be in Global Pro 4.1 due out early
April, 2003.
Dave Klein
-----Original Message-----
From: Juri.Reitsakas at Vorguvara.ee [mailto:Juri.Reitsakas at Vorguvara.ee]
Sent: Wednesday, February 19, 2003 5:44 AM
To: David Klein; vpn at lists.shmoo.com
Subject: RE: [VPN] Netscreen SCEP and iPlanet CA
Hi David,
Thank you very much for information.
I was able to configure boxes without SubAltName just using the dn as you
describe.
> set ike gateway peer-gw ip 5.5.5.5 id asn1-dn wildcard
cn=gw-test,o=netscreen,c=us" main local-id[DistinguishedName]
outgoing-interface ethernet1 proposal rsa-g2-3des-sha
Thank you.
PS! May i ask the few questions
Does GlobalManager Pro 4.0.0r2 support this configuration?
Do you have idea when GMPro will support DIAL for XT?
Best Regards
Juri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/vpn/attachments/20030219/464be8db/attachment.htm
More information about the VPN
mailing list