InGateway Documentation, Release 0.0.1
4.4.1 IPsec
IPsec is a group of open network security protocols formulated by the IETF. They provide data source
authentication, data encryption, data integrity checking, and anti-replay protection at the IP layer to
secure data transmission over the Internet. IPsec lowers the risk of data leakage and interception, ensures
data integrity and confidentiality, and protects the security of service data transmission.
4.4.1.1 IPsec Setting
The IPsec parameters are described as follows:
• IKEv1 Policy
  – ID: specifies the ID of an IKEv1 policy.
  – Encryption: specifies the algorithm used to encrypt plain text. Options are 3DES, DES, AES128,
    AES192, and AES256.
    * 3DES: uses three 64-bit DES keys to encrypt plain text.
    * DES: uses a 64-bit key to encrypt a 64-bit plain-text block.
    * AES: uses a 128-bit, 192-bit, or 256-bit key to encrypt plain text.
  – Hash: specifies the hash algorithm used in the policy. Options are MD5, SHA1, SHA2-256,
    SHA2-384, and SHA2-512.
    * MD5: generates a 128-bit message digest for a message of any length.
    * SHA1: generates a 160-bit message digest for a message of a length less than 128 bits.
    * SHA2-256: generates a 256-bit message digest.
    * SHA2-384: generates a 384-bit message digest.
    * SHA2-512: generates a 512-bit message digest.
  – Diffie-Hellman Group: specifies the Diffie-Hellman algorithm, a public-key algorithm. Two parties
    calculate a shared key based on the data exchanged between them, without transmitting the key
    to each other. To encrypt data sent to each other, the two parties must have a shared key.
    The essence of Internet Key Exchange (IKE) is that the communicating parties never transmit
    the key over an insecure network. Instead, they exchange a series of data to calculate a shared
    key. Other parties (such as hackers) cannot calculate the key even if they intercept all the data
    exchanged for key calculation.
  – Lifetime: specifies the lifetime of the IKE security association (SA). The two parties negotiate
    another SA to replace the old one before the lifetime expires.
• IKEv2 Policy
  – ID: specifies the ID of an IKEv2 policy.
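The Diffie-Hellman exchange described under "Diffie-Hellman Group" above, as an added Python example that is not part of the InGateway documentation or the device's implementation. It simulates both gateways, records what crosses the wire, and rejects degenerate peer values. Assumptions: the modulus `P` and generator `G` are constructed toy parameters (not a real IKE group), the function names are hypothetical, and a bare SHA-256 stands in for the PRF step that IKE performs with nonces.

```python
import hashlib
import secrets

# Constructed toy parameters, NOT a real IKE Diffie-Hellman group:
# P is the Mersenne prime 2**127 - 1, far too small for production use.
P = 2**127 - 1
G = 3


def generate_keypair(p=P, g=G):
    """Return (private, public); only `public` is ever sent to the peer."""
    private = secrets.randbelow(p - 3) + 2      # 2 <= private <= p - 2
    return private, pow(g, private, p)


def validate_public(value, p=P):
    """Reject degenerate peer values (0, 1, p - 1, or out of range),
    which would force the shared secret into a tiny, guessable set."""
    if not isinstance(value, int) or not 1 < value < p - 1:
        raise ValueError("invalid Diffie-Hellman public value")
    return value


def derive_key(private, peer_public, p=P):
    """Compute the shared secret locally and hash it into a 256-bit key.
    Simplification: SHA-256 stands in for IKE's negotiated PRF."""
    secret = pow(validate_public(peer_public, p), private, p)
    return hashlib.sha256(secret.to_bytes((p.bit_length() + 7) // 8, "big")).digest()


def run_exchange():
    """Simulate both gateways; return (key_a, key_b, wire)."""
    a_priv, a_pub = generate_keypair()
    b_priv, b_pub = generate_keypair()
    wire = {"p": P, "g": G, "A": a_pub, "B": b_pub}   # all an eavesdropper sees
    key_a = derive_key(a_priv, wire["B"])             # gateway A: B^a mod p
    key_b = derive_key(b_priv, wire["A"])             # gateway B: A^b mod p
    return key_a, key_b, wire


if __name__ == "__main__":
    key_a, key_b, wire = run_exchange()
    print("keys match:", key_a == key_b)
    print("values on the wire:", sorted(wire))
```

Neither private exponent nor the derived key appears in `wire`; recovering the key from `p`, `g`, `A` and `B` alone requires solving the discrete logarithm problem, which is why the group size chosen in the policy matters.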
Chapter 1. InGateway Documentation Site Navigation
Summary of Contents for InGateway501
Page 1: ...InGateway Documentation Release 0 0 1 zhangning Aug 24 2020...