PHASE1: negotiates encryption methods (DES/3DES/AES etc), the key length, the hash Algorithm (MD5/SHA1) and creates a key to protect the messages of the exchange. Note that another useful tool is " vpn debug on mon " which writes all of the IKE captured data into a file ikemonitor.snoop which you can open with wireshark or ethereal.
Check Point have a tool called IKEView.exe which parses the information of ike.elg into a GUI making this easier to view. To enable debugging, you need to login to your firewall and enter the command " vpn debug on vpn debug ikeon " or " vpn debug trunc ".
The $FWDIR/log/ike.elg file contains this information ( once debugging is enabled ). VPN TROUBLESHOOTING : REFFER: vpn-trouble-shooting.html Basics: IKE negotiation consists of two phases - Phase I (Main mode which is six packets) and Phase II (Quick Mode which is three packets).
0 kommentar(er)
