NG AI on IPSO 3.7 build 23 and NG AI SecuRemote:
We switched the "Remote Access" -> "VPN - Advanced" -> "User Encryption
Properties" from 3DES to AES-128 for the Encryption Algorithm. After
pushing the policy and re-authenticating, we get rejects on on Encryption
Scheme: "IKE". -> reason: "Client Encryption: The user is not defined
properly." The gateway then sends a "Client Encrypt Notification" with the
error to the client. After that, they seem to negotiate phase II, and
everything works after that. I am just curious if you can force the
encryption algorithm on the client, so they don't have to negotiate twice.
-Aaron
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
