Table of Contents
Advertisement
!
The Voyager-based version of Check Point's cpconfig program makes it easier
for you to enable IKE acceleration—you simply choose the option for
registering the PKCS #11 module. If you want to use IKE acceleration, use
the Voyager-based version of cpconfig (instead of running cpconfig at a
command prompt) to perform the initial configuration of VPN-1/FireWall-1.
For more information on phase 1 and phase 2 negotiations, and other related
information about establishing secure connections using IPsec, click
Introduction.
Hot Swapping Nokia Encryption Accelerator Cards
You can hot swap an encryption accelerator card—remove the card while
your network application platform is running and then reinsert it or insert
another accelerator card—on some appliances.
Under IPsec, when you hot swap the card, the ipsec policy manager daemon
will continue to forward packets to the crypto acceleration card if phase 2 was
not renegotiated. If phase 2 was renegotiated, then the CPU will handle the
packets until the lifetime value of phase 2 is decremented. This value is set in
the Active Policies Configuration window for IPsec. For more information on
configuring phase 1 and phase 2 lifetime values, click Introduction.
For more information on configuring IPSO's native implementation of IPsec,
click the following links:
!
!
!
!
!
!
!
!
Voyager Reference Guide
The Nokia Encryption Accelerator I supports 1524 bit groups (keys)
Introduction
Using PKI
IPsec Implementation in IPSO
IPsec Parameters
Creating an IPsec Policy
Creating an IPsec Tunnel Rule
Transport Rule
IPsec Transport Rule Example
583
Advertisement
Table of Contents
