Dell Brocade M5424 Brocade 7.1.0 Web Tools Administrator's Guide - Page 220
Internet Key Exchange concepts, Gateway to Gateway, Endpoint to Gateway, Encryption algorithms
Page 220 highlights
15 IPsec concepts

Gateway to Gateway

In a gateway to gateway configuration, IPsec protection is implemented between network nodes. Tunnel mode is commonly used in a gateway to gateway configuration. A tunnel endpoint represents a set of IP addresses associated with actual endpoints that use the tunnel. IPsec is transparent to the actual endpoints.

Endpoint to Gateway

In an endpoint to gateway configuration, a protected endpoint connects through an IPsec protected tunnel. This can be used as a virtual private network (VPN) for connecting a roaming computer, like a service laptop, to a protected network.

Internet Key Exchange concepts

Internet Key Exchange (IKE) is used to authenticate the end points of an IP connection, and to determine security policies for IP traffic over the connection. The initiating node proposes a policy based on the following:

• An encryption algorithm to protect data.
• A hash algorithm to check the integrity of the authentication data.
• A Pseudo-Random Function (PRF) algorithm that can be used with the hash algorithm for additional cryptographic strength.
• An authentication method requiring a digital signature, and optionally a certificate exchange.
• A Diffie-Hellman exchange that generates prime numbers used in establishing a shared secret key.

Encryption algorithms

An encryption algorithm is used to encrypt messages used in the IKE negotiation. Table 18 lists the available encryption algorithms. A brief description is provided. If you need further information, please refer to the RFC.

TABLE 18 Encryption algorithm options

Encryption algorithm | Description | RFC number
3des_cbc | 3DES processes each block three times, using a unique 56-bit key each time. | RFC 2451
null_enc | No encryption is performed. |
aes128_cbc | Advanced Encryption Standard (AES) 128 bit block cipher. | RFC 4869
aes256_cbc | Advanced Encryption Standard (AES) 256 bit block cipher. | RFC 4869

192 Web Tools Administrator's Guide 53-1002756-01
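An added example, not part of the Brocade guide: a simplified model of the policy proposal described under Internet Key Exchange concepts, in which a responder accepts the first proposed policy that fits its own allow-list, so that allowing every Table 18 entry lets a null_enc proposal win. The encryption identifiers come from Table 18; the hash, PRF, authentication and Diffie-Hellman values, the class and function names, and the first-match selection rule are assumptions made for illustration.

```python
from dataclasses import dataclass

TABLE_18 = {"3des_cbc", "null_enc", "aes128_cbc", "aes256_cbc"}
# Reviewer notes for Table 18 entries that should not protect production traffic.
WEAK_ENCRYPTION = {
    "null_enc": "no encryption is performed",
    "3des_cbc": "legacy cipher built on 56-bit keys",
}

@dataclass(frozen=True)
class IkePolicy:
    encryption: str  # identifier from Table 18
    hash_alg: str    # remaining fields hold constructed placeholder names
    prf: str
    auth: str
    dh_group: str

def audit(policy):
    """Return findings about the policy's encryption algorithm."""
    if policy.encryption not in TABLE_18:
        return ["unknown encryption algorithm: " + policy.encryption]
    if policy.encryption in WEAK_ENCRYPTION:
        return [policy.encryption + ": " + WEAK_ENCRYPTION[policy.encryption]]
    return []

def negotiate(proposals, acceptable):
    """Responder side (simplified): accept the first proposed policy whose
    every component is in the local allow-list; None means no common policy."""
    for policy in proposals:
        if all(getattr(policy, name) in allowed for name, allowed in acceptable.items()):
            return policy
    return None

# Constructed sample data: the initiator lists null_enc ahead of AES-256.
REST = dict(hash_alg="HASH_A", prf="PRF_A", auth="SIGNATURE", dh_group="DH_GROUP_A")
PROPOSALS = [IkePolicy("null_enc", **REST), IkePolicy("aes256_cbc", **REST)]
BASE = {name: {value} for name, value in REST.items()}
PERMISSIVE = dict(BASE, encryption=set(TABLE_18))
STRICT = dict(BASE, encryption={"aes128_cbc", "aes256_cbc"})

if __name__ == "__main__":
    for label, allow in (("permissive", PERMISSIVE), ("strict", STRICT)):
        chosen = negotiate(PROPOSALS, allow)
        print(label, chosen.encryption, audit(chosen) or "ok")
```

With the permissive allow-list the negotiated policy is null_enc and the audit flags it; with the strict list the same proposals settle on aes256_cbc.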