V7122 Gateway User Guide (page 334)
IPSec doesn't function properly if the gateway's IP address is changed on-the-fly,
because the crypto hardware can only be configured on reset. Therefore,
reset the gateway after you change its IP address.
IKE
IKE is used to obtain the Security Associations (SA) between peers (the gateway and the
application it's trying to contact). The SA contains the encryption keys and profile used by
IPSec to encrypt the IP stream. The IKE table lists the IKE peers with which the gateway
performs the IKE negotiation (up to 20 peers are available).
The IKE negotiation is separated into two phases: main mode and quick mode. The main
mode employs the Diffie-Hellman (DH) protocol to obtain an encryption key (without any prior
keys), and uses a pre-shared key to authenticate the peers. The created channel secures
the messages of the following phase (quick mode) in which the IPSec SA properties are
negotiated.
The IKE negotiation is as follows:
- Main mode (the main mode creates a secured channel for the quick mode)
  - SA negotiation – The peers negotiate their capabilities using four proposals. Each
    proposal includes three parameters: Encryption method, Authentication protocol and
    the length of the key created by the DH protocol. The key's lifetime is also negotiated
    in this stage. For detailed information on configuring the main mode proposals, see
    IKE Configuration.
  - Key exchange (DH) – The DH protocol is used to create a phase-1 key.
  - Authentication – The two peers authenticate one another using the pre-shared key
    (configured by the parameter 'IKEPolicySharedKey').
- Quick mode (quick mode negotiation is secured by the phase-1 SA)
  - SA negotiation – The peers negotiate their capabilities using four proposals. Each
    proposal includes two parameters: Encryption method and Authentication protocol.
    The lifetime is also negotiated in this stage. For detailed information on configuring
    the quick mode proposals, see the SPD table under IPSec Configuration.
  - Key exchange – A symmetrical key is created using the negotiated SA.
IKE Specifications:
- Authentication mode - pre-shared key only
- Main mode is supported for IKE Phase 1
- Supported IKE SA encryption algorithms - Data Encryption Standard (DES), 3DES, and Advanced Encryption Standard (AES)
- Hash types for IKE SA - SHA1 and MD5
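The main mode key exchange and pre-shared-key authentication described above, as an added example that is not taken from the user guide or the gateway's firmware: it follows the standard IKEv1 (RFC 2409) key derivation with HMAC-SHA1 and shows that the DH exchange completes with any peer, while authentication succeeds only when both sides hold the same 'IKEPolicySharedKey' value. The DH parameters, payload bodies and function names are constructed for the demo, and payload encoding and encryption are omitted.

```python
import hashlib
import hmac
import secrets

# Demo-only DH parameters (assumption); real IKE peers use the Oakley MODP groups.
P, G = 2**127 - 1, 3


def prf(key, data):
    """HMAC-SHA1: the IKE prf when SHA1 is the negotiated hash."""
    return hmac.new(key, data, hashlib.sha1).digest()


def enc(n):
    """Fixed-width encoding of a DH value (16 bytes fits the 127-bit modulus)."""
    return n.to_bytes(16, "big")


def derive(psk, n_i, n_r, g_xy, cky_i, cky_r):
    """RFC 2409 key derivation for pre-shared-key authentication."""
    skeyid = prf(psk, n_i + n_r)
    tail = enc(g_xy) + cky_i + cky_r
    skeyid_d = prf(skeyid, tail + b"\x00")             # seeds quick-mode (IPSec SA) keys
    skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01")  # authenticates later IKE messages
    skeyid_e = prf(skeyid, skeyid_a + tail + b"\x02")  # encrypts later IKE messages
    return skeyid, skeyid_e


def main_mode(psk_initiator, psk_responder):
    """Run one constructed exchange; return (dh_agreed, hash_i_accepted, same_skeyid_e)."""
    sa_i, id_i = b"constructed-SA-body", b"constructed-ID-body"
    cky_i, cky_r = secrets.token_bytes(8), secrets.token_bytes(8)
    n_i, n_r = secrets.token_bytes(16), secrets.token_bytes(16)
    x_i, x_r = secrets.randbelow(P - 3) + 2, secrets.randbelow(P - 3) + 2
    g_xi, g_xr = pow(G, x_i, P), pow(G, x_r, P)        # public values, sent in clear
    secret_i, secret_r = pow(g_xr, x_i, P), pow(g_xi, x_r, P)
    # Each side derives keys from its OWN copy of the pre-shared key.
    skeyid_i, e_i = derive(psk_initiator, n_i, n_r, secret_i, cky_i, cky_r)
    skeyid_r, e_r = derive(psk_responder, n_i, n_r, secret_r, cky_i, cky_r)
    # HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b)
    transcript = enc(g_xi) + enc(g_xr) + cky_i + cky_r + sa_i + id_i
    hash_i = prf(skeyid_i, transcript)                 # sent by the initiator
    accepted = hmac.compare_digest(hash_i, prf(skeyid_r, transcript))
    return secret_i == secret_r, accepted, e_i == e_r


if __name__ == "__main__":
    for responder_psk in (b"same-key", b"other-key"):
        print(responder_psk, main_mode(b"same-key", responder_psk))
```

With mismatched keys the DH secret still agrees but HASH_I is rejected and the two sides derive different SKEYID_e values, so the secured channel for quick mode never comes up.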