Internet key exchange concepts, Table 20, Endpoint to gateway – Dell POWEREDGE M1000E User Manual

232

Web Tools Administrator’s Guide

53-1001772-01

IPsec concepts

17

DRAFT: BROCADE CONFIDENTIAL

Endpoint to Gateway

In an endpoint to gateway configuration, a protected endpoint connects through an IPsec protected
tunnel. This can be used as a virtual private network (VPN) for connecting a roaming computer, like
a service laptop, to a protected network.

Internet Key Exchange concepts

Internet Key Exchange (IKE) is used to authenticate the end points of an IP connection, and to
determine security policies for IP traffic over the connection. The initiating node proposes a policy
based on the following:

•

An encryption algorithm to protect data.

•

A hash algorithm to check the integrity of the authentication data.

•

A Pseudo-Random Function (PRF) algorithm that can be used with the hash algorithm for
additional cryptographic strength.

•

An authentication method requiring a digital signature, and optionally a certificate exchange.

•

A Diffie-Hellman exchange that generates prime numbers used in establishing a shared secret
key.

Encryption algorithms

An encryption algorithm is used to encrypt messages used in the IKE negotiation.

Table 20

lists the

available encryption algorithms. A brief description is provided. If you need further information,
please refer to the RFC.

TABLE 20

Encryption algorithm options

Encryption algorithm

Description

RFC number

3des_cbc

3DES processes each block three times, using
a unique 56-bit key each time.

RFC 2451

null_enc

No encryption is performed.

aes128_cbc

Advanced Encryption Standard (AES) 128 bit
block cipher.

RFC 4869

aes256_cbc

Advanced Encryption Standard (AES) 256 bit
block cipher.

RFC 4869