[VPN] Checkpoint NG FP2

Siddhartha Jain losttoy2000 at yahoo.co.uk
Thu May 1 04:30:40 EDT 2003


If you have two boxes, A and B, then both must know
each other's certifying authorities. Or both must have
certificates issued from the same CA. A presents a
cert to B, how does B validate that it's valid? By
checking with its own CA or by checking with A's CA.
Get this straight if you want to use certificate-based
IKE.

Yes, you can use pre-shared keys in Checkpoint. But
using certs is definitely more secure and robust.

Siddhartha


 --- "Raymakers, Guy" <guy.raymakers at eds.com> wrote:
> I'm trying to set up a VPN between two Nokia IP350's
> running Checkpoint NG FP2. I've used the internal_ca
> to generate certificates on both systems.
> When the two systems try to establish the IPsec
> connection, I only see in the logs 'invalid certificate'
> and certificate validation timeouts. Any ideas
> and is there a possibility to use pre-shared keys
> (between two fully managed FP2 checkpoints)?
> 
> Many thanks,
> Guy
> 
>  
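
The trust requirement described in the reply above, as an added example that is not part of the original thread: a peer accepts a certificate only if it chains to a CA the peer already trusts. It uses the generic openssl CLI rather than Check Point's internal_ca, and the names caA, caB, gwA and gwB are constructed for illustration.

```sh
#!/bin/sh
# Added illustration: constructed CAs and gateways, generic openssl CLI.
# Assumes a standard openssl.cnf so that "req -x509" emits a CA certificate.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: create a self-signed CA key and certificate
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/O=example/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_cert CA GATEWAY: create a gateway key and a certificate signed by CA
issue_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/O=example/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -days 30 \
    -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" -CAcreateserial \
    -out "$WORK/$2.pem" 2>/dev/null
}

# trust_bundle OUT CA...: write the set of CA certificates a peer trusts
trust_bundle() {
  out=$1; shift
  : > "$WORK/$out"
  for ca in "$@"; do cat "$WORK/$ca.pem" >> "$WORK/$out"; done
}

# validate BUNDLE GATEWAY: print the peer's verdict on the presented cert
validate() {
  if openssl verify -CAfile "$WORK/$1" "$WORK/$2.pem" >/dev/null 2>&1
  then echo "valid"; else echo "invalid certificate"; fi
}

make_ca caA; make_ca caB                # each box has its own CA
issue_cert caA gwA; issue_cert caB gwB  # each gateway cert comes from its own CA
trust_bundle B-own.pem caB              # B knows only its own CA
trust_bundle B-both.pem caA caB         # B has also imported A's CA

echo "B trusts caB only,    A presents gwA: $(validate B-own.pem gwA)"
echo "B trusts caA and caB, A presents gwA: $(validate B-both.pem gwA)"
echo "B trusts caB only,    cert from caB:  $(validate B-own.pem gwB)"
```
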
