ZyXEL NBG-460N User Guide - Page 186
IKE SA (IKE Phase 1) Overview
Chapter 15 IPSec VPN

• Use the SA Monitor screen (Section 15.5 on page 205) to display and manage active VPN connections.

15.3 What You Need To Know

A VPN tunnel is usually established in two phases. Each phase establishes a security association (SA), a contract indicating what security parameters the NBG-460N and the remote IPSec router will use. The first phase establishes an Internet Key Exchange (IKE) SA between the NBG-460N and remote IPSec router. The second phase uses the IKE SA to securely establish an IPSec SA through which the NBG-460N and remote IPSec router can send data between computers on the local network and remote network. The following figure illustrates this.

Figure 118 VPN: IKE SA and IPSec SA

In this example, a computer in network A is exchanging data with a computer in network B. Inside networks A and B, the data is transmitted the same way data is normally transmitted in the networks. Between routers X and Y, the data is protected by tunneling, encryption, authentication, and other security features of the IPSec SA. The IPSec SA is established securely using the IKE SA that routers X and Y established first.

15.3.1 IKE SA (IKE Phase 1) Overview

The IKE SA provides a secure connection between the NBG-460N and remote IPSec router.

It takes several steps to establish an IKE SA. The negotiation mode determines the number of steps to use. There are two negotiation modes: main mode and aggressive mode. Main mode provides better security, while aggressive mode is faster.
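The two phases and the two negotiation modes described above can be told apart in captured IKE traffic from the fixed message header alone. The following is an added example, not taken from the User's Guide: the header layout and exchange type numbers come from RFC 2408 and RFC 2409 (which the guide does not cite), the function names are hypothetical, and the sample messages are constructed.

```python
import struct

# 28-byte ISAKMP header (RFC 2408): cookies, next payload, version,
# exchange type, flags, message ID, total length.
HEADER = struct.Struct("!8s8sBBBBII")

# Exchange types from RFC 2408 / RFC 2409, mapped to the guide's terms.
EXCHANGES = {
    2: ("IKE SA (phase 1)", "main mode"),
    4: ("IKE SA (phase 1)", "aggressive mode"),
    32: ("IPSec SA (phase 2)", "quick mode"),
}


def classify_ike(datagram: bytes) -> dict:
    """Classify one IKEv1 message taken from UDP port 500."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than an ISAKMP header")
    _ic, _rc, _np, version, xchg, flags, msg_id, length = HEADER.unpack_from(datagram)
    if version >> 4 != 1:  # major version is the high nibble
        raise ValueError("not IKEv1")
    if not HEADER.size <= length <= len(datagram):
        raise ValueError("length field does not match datagram")
    sa, mode = EXCHANGES.get(xchg, ("other", f"exchange type {xchg}"))
    # Phase 1 messages must carry message ID 0 (RFC 2408).
    if sa.startswith("IKE SA") and msg_id != 0:
        raise ValueError("phase 1 message with non-zero message ID")
    return {
        "sa": sa,
        "mode": mode,
        "encrypted": bool(flags & 0x01),  # E bit of the flags field
        # The guide rates main mode as the more secure choice.
        "review": mode == "aggressive mode",
    }


def sample(xchg: int, flags: int = 0, msg_id: int = 0) -> bytes:
    """Build a constructed, header-only message for the demo below."""
    return HEADER.pack(b"\x11" * 8, b"\x00" * 8, 1, 0x10, xchg, flags, msg_id, HEADER.size)


if __name__ == "__main__":
    for pkt in (sample(2), sample(4), sample(32, flags=1, msg_id=0x5EED)):
        print(classify_ike(pkt))
```

A tunnel whose phase 1 messages come back with `review` set was negotiated in aggressive mode and is a candidate for switching to main mode on both routers.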