SECS04L01 - Introducing IPsec
Connectivity
Introducing IPsec
RFC 2401 (security architecture; since obsoleted by RFC 4301)
Combines three protocols into a cohesive security framework:
– AH (Authentication Header) for integrity and data origin authentication
– ESP (Encapsulating Security Payload) for confidentiality and, optionally, integrity
– IKE (Internet Key Exchange) for authenticating the peers and negotiating the security associations (SAs) and keys that AH and ESP use
Two modes of operation (the slide figure showing which parts of the packet are encrypted and which are authenticated is not reproduced here):
– Transport mode: the original IP header is kept and the AH or ESP header is inserted after it; only the payload above IP is encrypted and/or authenticated, so the end hosts themselves must be the IPsec peers
– Tunnel mode: the whole original IP datagram is encapsulated behind a new outer IP header and the AH or ESP header; the inner header and payload are encrypted and/or authenticated, which is what lets a gateway protect traffic on behalf of the hosts behind it
AH (Authentication Header)
RFC 2402 (since obsoleted by RFC 4302)
IP protocol 51
Mechanism for providing strong integrity and authentication for IP datagrams
– The integrity check value (ICV) covers the payload, the AH header itself and the immutable fields of the IP header; fields that change in transit (ToS, flags and fragment offset, TTL, header checksum) are zeroed before the computation
– Optional antireplay protection through the AH sequence number
– Provides no confidentiality
– Can also provide nonrepudiation, but only with a signature-based algorithm; the HMAC transforms actually deployed (HMAC-MD5-96, HMAC-SHA-1-96) do not, because both peers hold the same key and either one could have produced the ICV
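The following Python is an added worked example, not code from the course material or from any IPsec implementation. It builds a transport-mode AH packet with HMAC-SHA1-96, computes the ICV exactly over the fields RFC 2402 says are immutable, and then shows two things the bullets above describe: a router decrementing the TTL does not break verification, while changing the source address or the payload does. The key, addresses and payload are constructed for the example; a real SA would take its key from IKE.

```python
import hashlib
import hmac
import struct

IP_PROTO_AH = 51    # RFC 2402
IP_PROTO_UDP = 17

# Constructed example key (20 bytes, HMAC-SHA1-96 as in RFC 2404). In practice the
# key comes from the SA negotiated by IKE; it is hard-coded here only so the
# example runs offline.
AH_KEY = bytes.fromhex("0b" * 20)


def ip_checksum(data):
    """Standard one's-complement checksum over an IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src, dst, proto, total_len, ttl=64):
    """20-byte IPv4 header (no options), DF set, checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, ttl, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def zero_mutable_fields(ip_hdr):
    """RFC 2402 3.3.3.1.1.1: ToS, flags/fragment offset, TTL and header checksum
    change in transit, so they are zeroed (not skipped) before hashing."""
    h = bytearray(ip_hdr)
    h[1] = 0                  # ToS
    h[6:8] = b"\x00\x00"      # flags + fragment offset
    h[8] = 0                  # TTL
    h[10:12] = b"\x00\x00"    # header checksum
    return bytes(h)


def ah_icv(ip_hdr, ah_fixed, payload):
    """ICV = HMAC-SHA1 truncated to 96 bits over immutable IP header + AH (ICV field
    zeroed) + payload. Sender and receiver run this same function with the same
    key, which is why AH gives integrity and origin authentication but not
    nonrepudiation."""
    data = zero_mutable_fields(ip_hdr) + ah_fixed + b"\x00" * 12 + payload
    return hmac.new(AH_KEY, data, hashlib.sha1).digest()[:12]


def build_ah_packet(src, dst, payload, next_header=IP_PROTO_UDP, spi=0x1000, seq=1):
    """Transport-mode AH packet: IP | AH | payload. next_header says what follows AH;
    in tunnel mode it would be 4 (an inner IPv4 datagram)."""
    total_len = 20 + 24 + len(payload)
    ip_hdr = ipv4_header(src, dst, IP_PROTO_AH, total_len)
    # Next Header, Payload Len (AH length in 32-bit words minus 2: 6 - 2 = 4),
    # Reserved, SPI, Sequence Number
    ah_fixed = struct.pack("!BBHII", next_header, 4, 0, spi, seq)
    return ip_hdr + ah_fixed + ah_icv(ip_hdr, ah_fixed, payload) + payload


def verify_ah_packet(pkt):
    """Receiver side: recompute the ICV and compare it in constant time."""
    ip_hdr, ah_fixed, icv, payload = pkt[:20], pkt[20:32], pkt[32:44], pkt[44:]
    if ip_hdr[9] != IP_PROTO_AH or ah_fixed[1] != 4:
        return False
    return hmac.compare_digest(icv, ah_icv(ip_hdr, ah_fixed, payload))


def decrement_ttl(pkt):
    """What every router on the path does: lower the TTL and refresh the checksum."""
    h = bytearray(pkt[:20])
    h[8] -= 1
    h[10:12] = b"\x00\x00"
    h[10:12] = struct.pack("!H", ip_checksum(bytes(h)))
    return bytes(h) + pkt[20:]


if __name__ == "__main__":
    pkt = build_ah_packet(b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02", b"constructed payload")
    print("original verifies:   ", verify_ah_packet(pkt))
    print("after one router hop:", verify_ah_packet(decrement_ttl(pkt)))
    spoofed = pkt[:12] + b"\x0a\x00\x00\x09" + pkt[16:]
    print("spoofed source:      ", verify_ah_packet(spoofed))
```

Note that the ICV is recomputed by the receiver with the shared key, so a receiver could forge a packet that verifies just as well; that is the precise sense in which HMAC-based AH authenticates the origin to the peer but cannot prove it to a third party.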
ESP (Encapsulating Security Payload)
RFC 2406 (since obsoleted by RFC 4303)
IP protocol 50
May provide the following:
– Confidentiality (encryption) of the payload (transport mode) or of the whole inner datagram (tunnel mode); the outer IP header is never covered
– Connectionless integrity
– Data origin authentication
– An antireplay service, based on the sequence number in the ESP header and a sliding window at the receiver
Encryption without integrity (a null authentication transform) leaves the ciphertext open to undetected modification and should not be used; choose a transform that includes an HMAC.
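As an added example of the antireplay service (not code from the course or from any IPsec stack), the Python below implements the receiver-side sliding window described in RFC 2401 Appendix C over the SPI and sequence number that begin every ESP packet, keeping one window per SA. The packets and sequence numbers fed through it are constructed for the example.

```python
import struct

# SPI and Sequence Number: the first 8 bytes of ESP (RFC 2406 section 2).
ESP_HEADER = struct.Struct("!II")
PROTO_ESP = 50


class AntiReplayWindow:
    """Receiver-side sliding window from RFC 2401 Appendix C (64 packets wide by
    default). Bit 0 of `bitmap` stands for `last`, bit i for `last - i`."""

    def __init__(self, size=64):
        self.size = size
        self.last = 0        # highest sequence number accepted so far
        self.bitmap = 0      # which of the last `size` sequence numbers were seen

    def check_and_update(self, seq):
        """Return True and record the packet if it is new and inside the window.
        The counter must never wrap: at 2**32 - 1 the SA has to be replaced."""
        if seq == 0:
            return False     # the first packet on an SA is 1; 0 is never valid
        if seq > self.last:  # right of the window: slide the window forward
            shift = seq - self.last
            if shift < self.size:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            else:
                self.bitmap = 1   # jumped past the whole window; only `seq` is marked
            self.last = seq
            return True
        diff = self.last - seq
        if diff >= self.size:
            return False     # left of the window: too old, drop
        if self.bitmap & (1 << diff):
            return False     # already received: replay
        self.bitmap |= 1 << diff
        return True


class EspReplayFilter:
    """One window per SA, keyed by SPI, the way a real ESP receiver keeps state."""

    def __init__(self, size=64):
        self.size = size
        self.windows = {}

    def accept(self, esp_packet):
        spi, seq = ESP_HEADER.unpack_from(esp_packet)
        window = self.windows.setdefault(spi, AntiReplayWindow(self.size))
        return window.check_and_update(seq)


def make_esp(spi, seq, body=b"\x00" * 16):
    """Constructed ESP packet: header followed by an opaque (would-be encrypted) body."""
    return ESP_HEADER.pack(spi, seq) + body


def run_stream(seqs, spi=0x2000):
    """Feed sequence numbers for one SA through the filter; return the verdicts."""
    flt = EspReplayFilter()
    return [flt.accept(make_esp(spi, s)) for s in seqs]


# Constructed stream: in order, a replay, a jump past the window, an old but
# unseen packet, its replay, one just outside the window and one just inside it.
SAMPLE_SEQS = [1, 2, 3, 2, 100, 50, 50, 36, 37]

if __name__ == "__main__":
    for seq, ok in zip(SAMPLE_SEQS, run_stream(SAMPLE_SEQS)):
        print(f"seq {seq:3d}: {'accept' if ok else 'DROP'}")
```

The ICV must be checked before the window is updated; otherwise an attacker who can spoof sequence numbers could advance the window and cause legitimate delayed packets to be dropped.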
IKE (Internet Key Exchange)
RFC 2409 (IKEv1; superseded by IKEv2, RFC 7296)
A hybrid protocol consisting of:
– SKEME
A mechanism for using public key encryption for authentication
– Oakley
A modes-based mechanism for arriving at an encryption key between two peers (Diffie-Hellman over the Oakley groups)
– ISAKMP
An architecture for message exchange, including packet formats and state transitions between two peers
Phase-based:
– Phase 1 authenticates the peers and establishes the ISAKMP SA, using either Main mode (six messages, identities sent encrypted) or Aggressive mode (three messages, identities sent in the clear)
– Phase 2 uses Quick mode (three messages, protected by the Phase 1 SA) to negotiate the IPsec SAs and keys under which the secure data is then sent
– PFS (perfect forward secrecy) is optional in Phase 2: a fresh Diffie-Hellman exchange inside Quick mode, so that compromise of the Phase 1 keying material does not expose the IPsec keys
Aggressive mode with pre-shared keys exposes a hash computed from the PSK to anyone who can observe the exchange, enabling an offline dictionary attack; prefer Main mode or certificate authentication.
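The Python below is an added worked example, not code from the course or from any IKE implementation. It carries the RFC 2409 key derivation through for both peers: the Phase 1 Diffie-Hellman exchange over Oakley group 2, the pre-shared-key SKEYID and its SKEYID_d/SKEYID_a/SKEYID_e children (RFC 2409 sections 5 and 5.4), and the Quick mode KEYMAT with and without PFS (section 5.5). The message framing, retransmission and HASH_I/HASH_R checks are omitted; cookies, nonces and the PSK are constructed at random, and the group prime is transcribed from RFC 2409 section 6.2 with a Miller-Rabin check so a transcription error would be caught rather than silently trusted.

```python
import hashlib
import hmac
import secrets

# RFC 2409 section 6.2, "Second Oakley Group": 1024-bit MODP prime, generator 2.
# Transcribed from the RFC; is_probable_prime() below is used to confirm the copy.
OAKLEY_GROUP2_P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
OAKLEY_GROUP2_G = 2
GROUP_BYTES = 128


def is_probable_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29)):
    """Miller-Rabin with fixed bases; enough to catch a mistyped group constant."""
    if n < 2:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def prf(key, data):
    """RFC 2409 prf: HMAC keyed with `key` over the negotiated hash (SHA-1 here)."""
    return hmac.new(key, data, hashlib.sha1).digest()


def dh_keypair():
    x = secrets.randbelow(OAKLEY_GROUP2_P - 2) + 1
    return x, pow(OAKLEY_GROUP2_G, x, OAKLEY_GROUP2_P)


def dh_shared(priv, peer_pub):
    """g^xy as a fixed-length octet string, the form RFC 2409 feeds into prf."""
    return pow(peer_pub, priv, OAKLEY_GROUP2_P).to_bytes(GROUP_BYTES, "big")


def phase1_keys_psk(psk, ni, nr, gxy, cky_i, cky_r):
    """Pre-shared key authentication (RFC 2409 5.4) and the derived keys (section 5).
    SKEYID_d seeds Phase 2, SKEYID_a authenticates ISAKMP messages, SKEYID_e encrypts them."""
    skeyid = prf(psk, ni + nr)
    skeyid_d = prf(skeyid, gxy + cky_i + cky_r + b"\x00")
    skeyid_a = prf(skeyid, skeyid_d + gxy + cky_i + cky_r + b"\x01")
    skeyid_e = prf(skeyid, skeyid_a + gxy + cky_i + cky_r + b"\x02")
    return {"skeyid": skeyid, "d": skeyid_d, "a": skeyid_a, "e": skeyid_e}


def phase2_keymat(skeyid_d, protocol, spi, ni2, nr2, pfs_gxy=None):
    """Quick mode keying material (RFC 2409 5.5). With PFS a fresh DH secret
    g(qm)^xy is mixed in, so SKEYID_d alone no longer determines KEYMAT.
    Longer keys are obtained by chaining the prf (K2 = prf(SKEYID_d, K1 | ...));
    a single prf block is shown here."""
    return prf(skeyid_d, (pfs_gxy or b"") + protocol + spi + ni2 + nr2)


def run_exchange(psk, pfs=True):
    """Both peers' computations for Phase 1 and one Phase 2; returns what each derived."""
    cky_i, cky_r = secrets.token_bytes(8), secrets.token_bytes(8)   # ISAKMP cookies
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)       # Phase 1 nonces
    xi, gxi = dh_keypair()
    xr, gxr = dh_keypair()
    init = phase1_keys_psk(psk, ni, nr, dh_shared(xi, gxr), cky_i, cky_r)
    resp = phase1_keys_psk(psk, ni, nr, dh_shared(xr, gxi), cky_i, cky_r)
    ni2, nr2 = secrets.token_bytes(16), secrets.token_bytes(16)     # Quick mode nonces
    proto, spi = b"\x03", b"\x00\x00\x20\x00"   # PROTO_IPSEC_ESP (RFC 2407) and an example inbound SPI
    if pfs:
        qi, gqi = dh_keypair()
        qr, gqr = dh_keypair()
        init_keymat = phase2_keymat(init["d"], proto, spi, ni2, nr2, dh_shared(qi, gqr))
        resp_keymat = phase2_keymat(resp["d"], proto, spi, ni2, nr2, dh_shared(qr, gqi))
    else:
        init_keymat = phase2_keymat(init["d"], proto, spi, ni2, nr2)
        resp_keymat = phase2_keymat(resp["d"], proto, spi, ni2, nr2)
    return {"initiator": (init, init_keymat), "responder": (resp, resp_keymat)}


if __name__ == "__main__":
    out = run_exchange(b"constructed-example-psk")
    print("group prime ok:", is_probable_prime(OAKLEY_GROUP2_P))
    print("SKEYID_e agrees:", out["initiator"][0]["e"] == out["responder"][0]["e"])
    print("KEYMAT agrees:  ", out["initiator"][1] == out["responder"][1])
```

The derivation makes the Aggressive mode warning concrete: SKEYID is prf(PSK, Ni | Nr), and Ni and Nr travel in the clear, so an observer holding the HASH payload can test PSK guesses offline at the speed of one HMAC each.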
ISAKMP (Internet Security Association and Key Management Protocol)
RFC 2408
UDP 500 (UDP 4500 when NAT traversal is in use)
Defines procedures for:
– Authenticating a peer
– Creation and management of SAs
– Key generation techniques
– Threat mitigation (anti-clogging cookies against denial of service, and protection against connection hijacking and man-in-the-middle attacks)
Firewalls between IPsec peers must pass UDP 500 (and 4500) together with IP protocols 50 and 51; filtering by TCP/UDP port alone blocks the data plane.
Key terms: HMAC, AES, MD5, CA, PFS, Certificate, RSA, CRL, SHA, Crypto map, Transform, DES, Transport mode, 3DES, Tunnel mode, DH, Hash
(DES, 3DES and MD5 are kept for the terminology; none of them should be configured on new deployments.)