V7122 Gateway User Guide
IPSec doesn’t function properly if the gateway’s IP address is changed on-the-fly,
because the crypto hardware can only be configured on reset. Therefore,
reset the gateway after you change its IP address.
IKE
IKE is used to obtain the Security Associations (SAs) between peers (the gateway and the
application it’s trying to contact). The SA contains the encryption keys and profile used by
IPSec to encrypt the IP stream. The IKE table lists the IKE peers with which the gateway
performs the IKE negotiation (up to 20 peers are available).
The IKE negotiation is separated into two phases: main mode and quick mode. The main
mode employs the Diffie-Hellman (DH) protocol to obtain an encryption key (without any prior
keys), and uses a pre-shared key to authenticate the peers. The created channel secures
the messages of the following phase (quick mode) in which the IPSec SA properties are
negotiated.
The IKE negotiation is as follows:
• Main mode (the main mode creates a secured channel for the quick mode)
    • SA negotiation – The peers negotiate their capabilities using four proposals. Each
      proposal includes three parameters: Encryption method, Authentication protocol and
      the length of the key created by the DH protocol. The key’s lifetime is also negotiated
      in this stage. For detailed information on configuring the main mode proposals, see
      IKE Configuration.
    • Key exchange (DH) – The DH protocol is used to create a phase-1 key.
    • Authentication – The two peers authenticate one another using the pre-shared key
      (configured by the parameter ‘IKEPolicySharedKey’).
• Quick mode (quick mode negotiation is secured by the phase-1 SA)
    • SA negotiation – The peers negotiate their capabilities using four proposals. Each
      proposal includes two parameters: Encryption method and Authentication protocol.
      The lifetime is also negotiated in this stage. For detailed information on configuring
      the quick mode proposals, see the SPD table under IPSec Configuration.
    • Key exchange – A symmetrical key is created using the negotiated SA.
IKE Specifications:
• Authentication mode - pre-shared key only
• Main mode is supported for IKE Phase 1
• Supported IKE SA encryption algorithms - Data Encryption Standard (DES), 3DES, and
  Advanced Encryption Standard (AES)
• Hash types for IKE SA - SHA1 and MD5
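
The following added example (not from the V7122 guide or its vendor) models the main mode SA negotiation and the algorithms listed above: it audits a list of proposals against a site policy and shows which one is negotiated when a peer offers only the weakest set. The `Proposal` field names, the sample proposals, the 1024-bit DH floor and the first-match selection rule are assumptions for illustration, not gateway parameters.

```python
from typing import NamedTuple, Optional

class Proposal(NamedTuple):
    encryption: str       # DES, 3DES or AES, as listed in the guide
    authentication: str   # SHA1 or MD5, as listed in the guide
    dh_bits: int          # length of the key created by the DH protocol

WEAK_ENCRYPTION = {"DES"}   # single DES: 56-bit key
WEAK_HASH = {"MD5"}
MIN_DH_BITS = 1024          # assumed site policy floor, not a gateway default

def weaknesses(p: Proposal, min_dh_bits: int = MIN_DH_BITS) -> list:
    """List the policy violations in one main mode proposal."""
    found = []
    if p.encryption.upper() in WEAK_ENCRYPTION:
        found.append("encryption " + p.encryption)
    if p.authentication.upper() in WEAK_HASH:
        found.append("authentication " + p.authentication)
    if p.dh_bits < min_dh_bits:
        found.append("DH key length %d < %d" % (p.dh_bits, min_dh_bits))
    return found

def audit(local: list) -> dict:
    """Map 1-based proposal position to its violations (clean ones omitted)."""
    if len(local) > 4:
        raise ValueError("main mode negotiates at most four proposals")
    report = {}
    for pos, p in enumerate(local, 1):
        if weaknesses(p):
            report[pos] = weaknesses(p)
    return report

def negotiate(local: list, peer: list) -> Optional[Proposal]:
    """Assumed selection rule: first local proposal the peer also offers."""
    return next((p for p in local if p in peer), None)

# Constructed sample: four local proposals in preference order.
LOCAL = [Proposal("AES", "SHA1", 1024), Proposal("3DES", "SHA1", 1024),
         Proposal("3DES", "MD5", 1024), Proposal("DES", "MD5", 768)]
# Constructed sample: a peer that offers only the weakest combination.
LEGACY_PEER = [Proposal("DES", "MD5", 768)]

if __name__ == "__main__":
    print("flagged:", audit(LOCAL))
    print("negotiated:", negotiate(LOCAL, LEGACY_PEER))
    hardened = [p for p in LOCAL if not weaknesses(p)]
    print("after removing flagged proposals:", negotiate(hardened, LEGACY_PEER))
```

Keeping a DES/MD5 proposal as a last-resort fallback means the SA can still land on it; once the flagged proposals are removed, the same peer fails negotiation instead.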