Configuring VPN objects
134 Avaya VPNmanager Configuration Guide Release 3.7
IKE VPNs
Note:
Note:
IKE VPNs are supported in VPNremote Client 3.0 and later.
An IKE VPN can run in certificate or preshared secret authentication mode. Also, IKE VPNs
always operate in tunnel mode, which means the entire original packet (header and payload) is
encrypted and inserted in the payload of an IPSec packet before it goes out to the public
networks.
Certificate mode involves the exchange of X.509 public-key certificates between endpoints of a
VPN tunnel to authenticate VPN tunnel end points. A certificate belonging to a specific endpoint
is authenticated by a third party certificate called an issuer’s certificate. Certificates can be
obtained from a third party Public Key Infrastructure (PKI). See for more information about using
a PKI. Certificate based VPNs cannot be manually rekeyed.
Preshared Secret mode involves the Diffie-Hellman algorithm for creating a shared secret key
that is used for authenticating VPN traffic. Large prime numbers and modular arithmetic
equations are exchanged between endpoints. Each endpoint uses the equations and numbers
to calculate the same shared secret key. The tunnel endpoints then use the shared secret key to
authenticate each other’s traffic. Even if the prime numbers and equations become publicly
known, the protocol still protects the shared secret key. As an added security measure,
preshared secret can be manually rekeyed at any time.
VPN packet processing modes
There are two ways to process packets when forming VPNs: transport mode and tunnel mode.
In transport mode, IP packets sent between VPN members are secured by applying VPN
services to the IP packet payload, leaving the original addressing header unchanged.
Source
Address
Dest.
Address
Payload
Source
Address
Dest.
Address
IPSec/SKIP Overhead
Payload with Applied VPN Services
Transport Mode
Secured VPN IP Packet
Original IP Packet
Summary of Contents for 3.7
Page 1: ...VPNmanager Configuration Guide Release 3 7 670 100 600 Issue 4 May 2005...
Page 4: ......
Page 20: ...Preface 20 Avaya VPNmanager Configuration Guide Release 3 7...
Page 32: ...Overview of implementation 32 Avaya VPNmanager Configuration Guide Release 3 7...
Page 53: ...Preferences Issue 4 May 2005 53 Figure 16 Tunnel End Point Policy...
Page 54: ...Using VPNmanager 54 Avaya VPNmanager Configuration Guide Release 3 7...
Page 244: ...Using advanced features 244 Avaya VPNmanager Configuration Guide Release 3 7...
Page 292: ...Upgrading firmware and licenses 292 Avaya VPNmanager Configuration Guide Release 3 7...