IPSec VPN

Chapter 13 of Malik
Outline
• Types of IPsec VPNs
• IKE (or Internet Key Exchange) protocol

http://sce.uhcl.edu/yang/teaching/ 2
.../VPN.ppt
Types of IPsec VPNs
• Site-to-site (aka LAN-to-LAN) IPsec VPN
Figure 13-1
Question: no concentrator?

• Remote-access client IPsec VPN
Figure 13-2
Unique challenges: (see p.317)
1. IPsec clients connect to the gateway from IP addresses the gateway does not know in advance.
2. The client’s IP address, assigned by the ISP, is not compatible with the private network’s addressing.
3. The clients must use the DNS server, DHCP server, and other such servers on the private network.
4. PAT can no longer function as normal (because ESP encrypts all the port info in the TCP or UDP header).
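An added illustration of challenge 4, not taken from the slides or from Malik's chapter: the script builds constructed sample packets and shows what a PAT device can read from each. For raw ESP only the SPI and sequence number are visible, so there is no port field to rewrite and two inside clients cannot be told apart; the same ESP wrapped in UDP port 4500 (NAT-Traversal, RFC 3948) gives PAT an outer port again, which is the standard remedy. The gateway and client addresses, SPIs, public IP and port range are constructed values.

```python
import struct

IPPROTO_UDP = 17
IPPROTO_ESP = 50
NAT_T_PORT = 4500   # RFC 3948 UDP encapsulation port for ESP


def _ip(addr):
    return bytes(int(o) for o in addr.split("."))


def build_ipv4(src, dst, proto, payload):
    """Minimal IPv4 header: no options, TTL 64, header checksum left at zero."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, _ip(src), _ip(dst))
    return hdr + payload


def build_udp(sport, dport, data):
    """UDP header (checksum left at zero) followed by its payload."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def build_esp(spi, seq, ciphertext):
    """ESP header is only SPI + sequence number; everything after it is encrypted."""
    return struct.pack("!II", spi, seq) + ciphertext


def outer_view(packet):
    """What a PAT device can read without keys: addresses plus, for UDP, the ports."""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    src = ".".join(str(b) for b in packet[12:16])
    dst = ".".join(str(b) for b in packet[16:20])
    l4 = packet[ihl:]
    if proto == IPPROTO_UDP:
        sport, dport = struct.unpack("!HH", l4[:4])
        return {"proto": "UDP", "src": src, "dst": dst, "sport": sport, "dport": dport}
    if proto == IPPROTO_ESP:
        spi, seq = struct.unpack("!II", l4[:8])
        # The inner TCP/UDP header (and its ports) sits inside the encrypted payload.
        return {"proto": "ESP", "src": src, "dst": dst, "spi": spi, "seq": seq}
    raise ValueError("unsupported IP protocol %d" % proto)


def pat_mappings(packets, public_ip="203.0.113.1", first_port=40000):
    """Classic PAT: give each inside (ip, port) flow its own public port.
    Returns one entry per packet: (public_ip, public_port), or None when the
    packet carries no port field that PAT could rewrite."""
    table, out = {}, []
    for pkt in packets:
        view = outer_view(pkt)
        if "sport" not in view:
            out.append(None)   # ESP: nothing to translate, flows cannot be multiplexed
            continue
        key = (view["src"], view["sport"])
        if key not in table:
            table[key] = first_port + len(table)
        out.append((public_ip, table[key]))
    return out


# Constructed sample traffic: two inside clients talking to the same VPN gateway.
GATEWAY = "198.51.100.10"
FAKE_CIPHERTEXT = b"\x00" * 32   # stands in for the encrypted inner packet

ESP_FROM_A = build_ipv4("10.0.0.2", GATEWAY, IPPROTO_ESP, build_esp(0x1001, 1, FAKE_CIPHERTEXT))
ESP_FROM_B = build_ipv4("10.0.0.3", GATEWAY, IPPROTO_ESP, build_esp(0x2002, 1, FAKE_CIPHERTEXT))

# Same ESP wrapped in UDP 4500 (NAT-T): the outer UDP ports give PAT something to rewrite.
NAT_T_FROM_A = build_ipv4("10.0.0.2", GATEWAY, IPPROTO_UDP,
                          build_udp(NAT_T_PORT, NAT_T_PORT, build_esp(0x1001, 1, FAKE_CIPHERTEXT)))
NAT_T_FROM_B = build_ipv4("10.0.0.3", GATEWAY, IPPROTO_UDP,
                          build_udp(NAT_T_PORT, NAT_T_PORT, build_esp(0x2002, 1, FAKE_CIPHERTEXT)))

if __name__ == "__main__":
    print("raw ESP:", pat_mappings([ESP_FROM_A, ESP_FROM_B]))
    print("NAT-T  :", pat_mappings([NAT_T_FROM_A, NAT_T_FROM_B]))
```

Running it prints `[None, None]` for the raw ESP pair and two distinct public ports for the NAT-T pair; the only difference between the two cases is the outer UDP header, which is exactly what IKE's NAT detection negotiates when it sees a NAT on the path.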

Phases of IPsec
1. Connection initiated
2. IKE main mode or aggressive mode
   Results:
   a. creation of an IKE Security Association (SA) between the two IPsec peers
   b. a set of 3 session keys is established
3. Quick mode
   Results:
   a. creation of two IPsec SAs between the two peers (incoming SA and outgoing SA)
   b. generation of a pair of IPsec keys (one for each of the SAs)
4. Data communication (using ESP or AH)
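A worked example of the key material listed above, added here and not taken from the slides or from Malik's text: it carries out the RFC 2409 derivations for the pre-shared-key case, the three session keys SKEYID_d, SKEYID_a and SKEYID_e that main/aggressive mode produces, and then the Quick mode KEYMAT for the inbound and outbound IPsec SAs, which come out different because each SA has its own SPI. Assumptions: HMAC-SHA1 as the negotiated prf, no PFS in Quick mode, a textbook-sized Diffie-Hellman group (p=23, g=5) standing in for a real IKE group, and constructed cookies, nonces, SPIs and pre-shared key.

```python
import hashlib
import hmac

PROTO_IPSEC_ESP = 3   # ISAKMP IPsec DOI protocol identifier for ESP (AH is 2)


def prf(key, data):
    """Assumed negotiated prf: HMAC with the Phase 1 hash, SHA-1 here (20-byte output)."""
    return hmac.new(key, data, hashlib.sha1).digest()


def phase1_keys(psk, cky_i, cky_r, ni_b, nr_b, gxy):
    """Main or aggressive mode with pre-shared-key authentication (RFC 2409 section 5).
    SKEYID comes from the PSK and both nonces; the three session keys hang off it."""
    skeyid = prf(psk, ni_b + nr_b)
    skeyid_d = prf(skeyid, gxy + cky_i + cky_r + b"\x00")             # seeds the IPsec SA keys
    skeyid_a = prf(skeyid, skeyid_d + gxy + cky_i + cky_r + b"\x01")  # integrity of IKE messages
    skeyid_e = prf(skeyid, skeyid_a + gxy + cky_i + cky_r + b"\x02")  # encryption of IKE messages
    return {"SKEYID_d": skeyid_d, "SKEYID_a": skeyid_a, "SKEYID_e": skeyid_e}


def quick_mode_keymat(skeyid_d, protocol, spi, ni_b, nr_b, length):
    """Quick mode without PFS (RFC 2409 section 5.5): KEYMAT = K1 | K2 | ... where
    K1 = prf(SKEYID_d, protocol | SPI | Ni_b | Nr_b) and
    Kn = prf(SKEYID_d, K(n-1) | protocol | SPI | Ni_b | Nr_b).
    The SPI is per SA, so the inbound and outbound SAs receive different keys."""
    seed = bytes([protocol]) + spi + ni_b + nr_b
    out, prev = b"", b""
    while len(out) < length:
        prev = prf(skeyid_d, prev + seed)
        out += prev
    return out[:length]


def simulate(psk=b"constructed-psk", x=6, y=15, key_len=32):
    """Run both phases with constructed inputs; returns the keys both peers agree on."""
    # Toy Diffie-Hellman group (textbook p=23, g=5), not a real IKE group.
    p, g = 23, 5
    gx, gy = pow(g, x, p), pow(g, y, p)        # KE payloads exchanged in Phase 1
    assert pow(gy, x, p) == pow(gx, y, p)      # both peers reach the same g^xy
    gxy = pow(gy, x, p).to_bytes(1, "big")

    cky_i, cky_r = b"\x11" * 8, b"\x22" * 8    # ISAKMP cookies (constructed)
    ni_b, nr_b = b"\xa1" * 16, b"\xb2" * 16    # Phase 1 nonces (constructed)
    p1 = phase1_keys(psk, cky_i, cky_r, ni_b, nr_b, gxy)

    # Quick mode: fresh nonces, and one SPI per direction chosen by the receiving peer.
    qm_ni, qm_nr = b"\xc3" * 16, b"\xd4" * 16
    spi_in, spi_out = b"\x00\x00\x10\x01", b"\x00\x00\x20\x02"
    keymat_in = quick_mode_keymat(p1["SKEYID_d"], PROTO_IPSEC_ESP, spi_in, qm_ni, qm_nr, key_len)
    keymat_out = quick_mode_keymat(p1["SKEYID_d"], PROTO_IPSEC_ESP, spi_out, qm_ni, qm_nr, key_len)
    return {**p1, "KEYMAT_in": keymat_in, "KEYMAT_out": keymat_out}


if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name:10s} {value.hex()}")
```

Only SKEYID_d ever feeds the Quick mode derivation; SKEYID_a and SKEYID_e protect the IKE SA itself, which is why a compromise of IKE message keys and a compromise of IPsec traffic keys are separate events in this design.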

IPsec Negotiation using IKE
• P.279: Authentication methods vs modes

                  Preshared key   Digital signature   Encrypted nonces
Main mode
Aggressive mode

IPsec Negotiation using IKE
Example 1: Main mode using preshared key authentication, followed by Quick mode negotiation (pp. 280-298)
Example 2: Main mode using digital signature (DS) authentication, followed by Quick mode negotiation (pp. 298-302)
Example 3: Aggressive mode using preshared key authentication (followed by Quick mode negotiation) (pp. 302-306)
