IPSEC VPN, Checkpoint, and Aggressive mode
Hi,
I'm trying to make OSX 10.4.6 and IPSecuritas 2.1 make a VPN connection to a Checkpoint NGX (R60) firewall. This worked with a previous version of the firewall R54 with no issues. With R60, Checkpoint has disabled IKE Phase I aggressive mode. Aggressive mode is supposed to be a known security hole that can allow attackers to hijack VPN connections.
Several questions come to mind. Is the IPSEC support in 10.4.6 a full implemention of IPSEC, including Phase I Main and/or Base modes? I can't seem to get IPSecuritas to get past Phase I without Aggressive mode turned on in the client.
If Main is not supported in 10.4.6, is Apple going to include it? I'm a little confused because I'm not exactly an IPSEC expert and I'm not sure how IPSecuritas interfaces with the base IPSEC support in Tiger. In other words, I don't know if this is a Tiger problem, and IPSecuritas problem, or both.
Thanks for any help.
Brian.
MacBook Pro Mac OS X (10.4.6)
MacBook Pro Mac OS X (10.4.6)
MacBook Pro Mac OS X (10.4.6)
I'm trying to make OSX 10.4.6 and IPSecuritas 2.1 make a VPN connection to a Checkpoint NGX (R60) firewall. This worked with a previous version of the firewall R54 with no issues. With R60, Checkpoint has disabled IKE Phase I aggressive mode. Aggressive mode is supposed to be a known security hole that can allow attackers to hijack VPN connections.
Several questions come to mind. Is the IPSEC support in 10.4.6 a full implemention of IPSEC, including Phase I Main and/or Base modes? I can't seem to get IPSecuritas to get past Phase I without Aggressive mode turned on in the client.
If Main is not supported in 10.4.6, is Apple going to include it? I'm a little confused because I'm not exactly an IPSEC expert and I'm not sure how IPSecuritas interfaces with the base IPSEC support in Tiger. In other words, I don't know if this is a Tiger problem, and IPSecuritas problem, or both.
Thanks for any help.
Brian.
MacBook Pro Mac OS X (10.4.6)
MacBook Pro Mac OS X (10.4.6)
MacBook Pro Mac OS X (10.4.6)