[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Win2000 IKE and 3des

To: michaelr@cisco.com
Subject: RE: Win2000 IKE and 3des
From: Sami Vaarala <sami.vaarala@netseal.com>
Date: Thu, 11 May 2000 11:02:02 +0300
CC: mdkoning@vanenburg.com, ipsec@lists.tislabs.com
Organization: NetSeal Technologies
Sender: owner-ipsec@lists.tislabs.com

Hi,

>Are both of you saying that if you set your policy for 3-DES ONLY (not >3-DES prefered but 3-DES only) that Windows 2000 will negotiate DES >anyway?

Yes, that seems to be the case.  I have only checked that if I configure
3des, it will send des as an initiator, and a phase 1 SA with des will
be formed (if the remote end accepts des).  Haven't checked if it works
this way as a responder; probably will.

>Or are you saying that Windows 2000 will fall back from 3-DES to DES if >your configured policy lets it do so and the peer doesn't support >3-DES?

No.  This would be the correct way to function, and there would not be
an issue if this were the case.

>The former is a bug which I've not seen in Windows 2000.  The latter is
>expected behavior since you configured it to do so.

My point exactly.  The latter behavior would be the one I would prefer
to see, of course.

--
Sami Vaarala (sami.vaarala@netseal.com)
NetSeal Technologies
http://www.netseal.com/

Follow-Ups:

Re: Win2000 IKE and 3des

From: Will Price <wprice@cyphers.net>

Prev by Date: Re: FW: WG Last call: draft-ietf-ipsec-ecn-02.txt
Next by Date: RE: Windows 2000 and Cicsco router interoperability
Prev by thread: RE: Win2000 IKE and 3des
Next by thread: Re: Win2000 IKE and 3des
Index(es):
- Main
- Thread