Chapter 13 of Malik
Outline
http://sce.uhcl.edu/yang/teaching/ 2
.../VPN.ppt
Types of IPsec VPNs
• Site-to-site (aka LAN-to-LAN) IPsec VPN
Figure 13-1
Question: no concentrator?
Phases of IPsec
1. Connection initiated
2. IKE main mode or aggressive mode
Results:
a. creation of an IKE Security Association (SA) between the two IPsec peers
b. A set of 3 session keys are established
3. Quick mode
Results:
a. creation of two IPsec SAs between the two peers (incoming SA and outgoing SA)
b. Generate a pair of IPsec keys (one for each of the SAs)
4. Data communication (using ESP or AH)
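Added example (not from the slides or from Malik): the IKEv1 key derivation of RFC 2409, showing where the 3 session keys of step 2 and the per-SA IPsec keys of step 3 come from. It assumes preshared key authentication, HMAC-SHA1 as the prf and no PFS; the function names and all input values are constructed for illustration.

```python
import hashlib
import hmac

def prf(key: bytes, data: bytes) -> bytes:
    # IKEv1 prf; HMAC-SHA1 is assumed as the negotiated hash.
    return hmac.new(key, data, hashlib.sha1).digest()

def phase1_keys(psk, ni, nr, g_xy, cky_i, cky_r):
    """Main/aggressive mode result (b): the three session keys (RFC 2409, sec. 5)."""
    skeyid = prf(psk, ni + nr)                         # preshared key authentication
    seed = g_xy + cky_i + cky_r
    skeyid_d = prf(skeyid, seed + b"\x00")             # used to derive IPsec keys
    skeyid_a = prf(skeyid, skeyid_d + seed + b"\x01")  # authenticates IKE messages
    skeyid_e = prf(skeyid, skeyid_a + seed + b"\x02")  # encrypts IKE messages
    return skeyid_d, skeyid_a, skeyid_e

def quick_mode_keymat(skeyid_d, protocol, spi, ni2, nr2):
    """Quick mode result (b), no PFS: KEYMAT = prf(SKEYID_d, protocol | SPI | Ni_b | Nr_b).
    Only the first prf block is returned; longer keys need the RFC's expansion."""
    return prf(skeyid_d, bytes([protocol]) + spi + ni2 + nr2)

def demo():
    # All values below are constructed sample inputs, not captured traffic.
    psk = b"example-preshared-key"
    ni, nr = bytes(range(16)), bytes(range(16, 32))    # phase 1 nonces
    g_xy = hashlib.sha256(b"stand-in for DH shared secret").digest()
    cky_i, cky_r = b"I" * 8, b"R" * 8                  # ISAKMP cookies
    d, a, e = phase1_keys(psk, ni, nr, g_xy, cky_i, cky_r)
    ni2, nr2 = b"\xaa" * 16, b"\xbb" * 16              # quick mode nonces
    esp = 3                                            # PROTO_IPSEC_ESP in the IPsec DOI
    # Each peer picks the SPI of its own inbound SA, so the two SAs get different keys.
    key_to_responder = quick_mode_keymat(d, esp, b"\x00\x00\x10\x01", ni2, nr2)
    key_to_initiator = quick_mode_keymat(d, esp, b"\x00\x00\x20\x02", ni2, nr2)
    return (d, a, e), (key_to_responder, key_to_initiator)

if __name__ == "__main__":
    (d, a, e), (k_out, k_in) = demo()
    for name, key in [("SKEYID_d", d), ("SKEYID_a", a), ("SKEYID_e", e),
                      ("IPsec SA key (I->R)", k_out), ("IPsec SA key (R->I)", k_in)]:
        print(f"{name:20s} {key.hex()}")
```

Both peers run the same derivation over the same exchanged values, so they arrive at identical keys without ever sending them.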
IPsec Negotiation using IKE
• P.279: Authentication methods vs modes
Aggressive mode
IPsec Negotiation using IKE
Example 1: Main mode using preshared key authentication followed by Quick mode negotiation
pp. 280-298
Example 2: Main mode using DS authentication followed by Quick mode negotiation
pp. 298-302
Example 3: Aggressive mode using preshared key authentication (followed by Quick mode negotiation)
pp. 302-306