HP 635n Practical IPsec Deployment for Printing and Imaging Devices - Page 31
IKE Main Mode
[Figure 25 - IKE Main Mode. IKE Phase 1 - Main Mode between Initiator and Responder. Initiator to Responder: "Here are the algorithms and settings that I would like to use for the IKE SA". Responder to Initiator: "Based upon the ones that you offered, here is the one that I have selected". In each direction: Diffie-Hellman exchange to derive a shared secret used for keying material. In each direction: Authentication.]

There are three fundamental things going on in IKE Main Mode: Proposal/Acceptance, Establishing a shared secret, and Authentication. Let's look at Proposal/Acceptance:

Note: The IPsec literature often makes a distinction between IKE and Internet Security Association Key Management Protocol or ISAKMP. Technically, the Proposal/Acceptance is done by ISAKMP and everything else is IKE using the format of ISAKMP. While accurate, the author finds this terminology confusing and believes it impairs understanding; therefore the term IKE will be used without reference to ISAKMP.

IKE terminology around proposals and acceptance is relatively confusing. Essentially, what the initiator is trying to convey is a series of parameters with associated logical operands of AND as well as OR. Since IKE can carry a variety of information, the various formats of the information are called "payloads". The payloads used in the Proposal/Acceptance are as follows:
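
The AND/OR semantics of Proposal/Acceptance described above, as an added Python example that is not part of the HP document or any HP firmware. It assumes the usual IKEv1 Phase 1 attributes (encryption, hash, Diffie-Hellman group, authentication method); the offer, the policy and all function names are constructed for illustration.

```python
# Added illustration (not HP's code): responder-side selection in IKE Main Mode.
# The initiator offers several transforms. Transforms are alternatives (OR);
# the attributes inside one transform must all be acceptable together (AND).
from typing import Optional

# Constructed initiator offer, listed in the initiator's order of preference.
OFFER = [
    {"num": 1, "enc": "AES-256", "hash": "SHA-256", "dh_group": 14, "auth": "RSA-SIG"},
    {"num": 2, "enc": "AES-128", "hash": "SHA-1", "dh_group": 14, "auth": "PSK"},
    {"num": 3, "enc": "3DES", "hash": "SHA-1", "dh_group": 2, "auth": "PSK"},
]

# Constructed responder policy: the set of acceptable values per attribute.
POLICY = {
    "enc": {"AES-128", "AES-256"},
    "hash": {"SHA-1", "SHA-256"},
    "dh_group": {14},
    "auth": {"PSK"},
}


def transform_ok(transform: dict, policy: dict) -> bool:
    """AND: every attribute of this one transform must be allowed locally."""
    return all(transform.get(attr) in allowed for attr, allowed in policy.items())


def select_transform(offer: list, policy: dict) -> Optional[dict]:
    """OR: return the first offered transform that passes, exactly as offered.

    The responder never mixes attributes from different transforms, so an
    offer of AES-256 with RSA-SIG does not become AES-256 with PSK.
    None means nothing matched (the responder answers NO-PROPOSAL-CHOSEN).
    """
    for transform in offer:
        if transform_ok(transform, policy):
            return dict(transform)
    return None


if __name__ == "__main__":
    chosen = select_transform(OFFER, POLICY)
    print("selected:", chosen if chosen else "NO-PROPOSAL-CHOSEN")
```

Transform 1 is skipped even though its cipher, hash and group are individually acceptable, because its authentication method is not; a mismatch on any single attribute is what typically makes Phase 1 fail between two peers whose policies look almost identical.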