Internet key exchange concepts, Table 18, Gateway to gateway – Dell POWEREDGE M1000E User Manual

Page 220: Endpoint to gateway, Encryption algorithms

Advertising
background image

192

Web Tools Administrator’s Guide

53-1002756-01

IPsec concepts

15

Gateway to Gateway

In a gateway to gateway configuration, IPsec protection is implemented between network nodes.
Tunnel mode is commonly used in a gateway to gateway configuration. A tunnel endpoint
represents a set of IP addresses associated with actual endpoints that use the tunnel. IPsec is
transparent to the actual endpoints.

Endpoint to Gateway

In an endpoint to gateway configuration, a protected endpoint connects through an IPsec protected
tunnel. This can be used as a virtual private network (VPN) for connecting a roaming computer, like
a service laptop, to a protected network.

Internet Key Exchange concepts

Internet Key Exchange (IKE) is used to authenticate the end points of an IP connection, and to
determine security policies for IP traffic over the connection. The initiating node proposes a policy
based on the following:

An encryption algorithm to protect data.

A hash algorithm to check the integrity of the authentication data.

A Pseudo-Random Function (PRF) algorithm that can be used with the hash algorithm for
additional cryptographic strength.

An authentication method requiring a digital signature, and optionally a certificate exchange.

A Diffie-Hellman exchange that generates prime numbers used in establishing a shared secret
key.

Encryption algorithms

An encryption algorithm is used to encrypt messages used in the IKE negotiation.

Table 18

lists the

available encryption algorithms. A brief description is provided. If you need further information,
please refer to the RFC.

TABLE 18

Encryption algorithm options

Encryption algorithm

Description

RFC number

3des_cbc

3DES processes each block three times, using
a unique 56-bit key each time.

RFC 2451

null_enc

No encryption is performed.

aes128_cbc

Advanced Encryption Standard (AES) 128 bit
block cipher.

RFC 4869

aes256_cbc

Advanced Encryption Standard (AES) 256 bit
block cipher.

RFC 4869

Advertising
Popular Brands
Popular manuals