Data Encryption Tunnel
Once the Keys are generated and exchanged, you are ready for the Data
Tunnel. The first tunnel now goes into the IDLE state.
A new tunnel needs to be set up for the Data Tunnel.
This tunnel also requires the 3 Parameters [Key, Encryption, Hash].
The Key used for this tunnel is the dynamically generated key that was
exchanged in the first tunnel.
You need to define the Encryption and Hash parameters for this tunnel
as well.
The protocol used for this tunnel is ESP [IP Protocol 50].

IPSec Tunnels
[Diagram: R1 and R2, each holding the DH Session Key (SK1)]
IPSec LAN-To-LAN Tunnels
> Policy Based tunnels are tunnels that are configured by specifying the
Interesting traffic [Traffic that needs to be encrypted] by using a
Policy [ACL].
> If the traffic matches the Policy [ACL], it is encapsulated within the ESP
header. The Outer header will have the Public IP Addresses of the
Tunnel Endpoints.
> The Drawback is that every time a new network is added, the ACL
needs to be modified on both ends.
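
The following is an added example, not part of the original slides: a small Python model of a policy-based tunnel endpoint that shows the ACL match, the ESP outer header, and a check for ACL entries that were added on one end only. All function names, peer addresses and networks are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed sample values: documentation-range public IPs, private LANs.
PEER_A, PEER_B = "203.0.113.1", "198.51.100.1"

def acl(*pairs):
    """Build a policy (ACL) as a list of (source network, destination network)."""
    return [(ip_network(s), ip_network(d)) for s, d in pairs]

def is_interesting(policy, src, dst):
    """True if the packet matches the policy, i.e. it must be encrypted."""
    s, d = ip_address(src), ip_address(dst)
    return any(s in sn and d in dn for sn, dn in policy)

def forward(policy, local_peer, remote_peer, src, dst):
    """Model the egress decision on one tunnel endpoint."""
    if is_interesting(policy, src, dst):
        # Inner packet goes inside ESP (IP protocol 50); the outer
        # header carries the public addresses of the tunnel endpoints.
        return {"outer_src": local_peer, "outer_dst": remote_peer,
                "proto": 50, "inner": (src, dst)}
    return None  # not selected by the policy, so not put into the tunnel

def mirror_gaps(policy_a, policy_b):
    """Entries on one end that have no mirrored (dst, src) entry on the other."""
    a, b = set(policy_a), set(policy_b)
    missing_on_b = sorted(e for e in a if (e[1], e[0]) not in b)
    missing_on_a = sorted(e for e in b if (e[1], e[0]) not in a)
    return missing_on_a, missing_on_b

# Matching policies on both ends for one LAN pair.
ACL_A = acl(("10.1.1.0/24", "10.2.1.0/24"))
ACL_B = acl(("10.2.1.0/24", "10.1.1.0/24"))
# A new LAN 10.1.2.0/24 is added at site A, but only A's ACL is updated.
ACL_A_NEW = ACL_A + acl(("10.1.2.0/24", "10.2.1.0/24"))

if __name__ == "__main__":
    print(forward(ACL_A, PEER_A, PEER_B, "10.1.1.10", "10.2.1.20"))
    print(forward(ACL_A, PEER_A, PEER_B, "10.1.2.10", "10.2.1.20"))
    need_on_a, need_on_b = mirror_gaps(ACL_A_NEW, ACL_B)
    for src, dst in need_on_b:
        print(f"end B is missing the mirror entry: {dst} -> {src}")
```

Running `mirror_gaps` over both ends' policies after each change is a quick way to catch the one-sided update the last bullet warns about.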