HP TMS zl Module Security Administrator's Guide
4-16
Configuring a VPN on the HP TMS zl Module
IPsec VPNs
the actual keys for you during the second exchange of IKE phase 1. This
protocol is a secure method for generating unique, shared keys without
sending them over the connection and thus rendering them vulnerable to
interception.
Figure 4-7. IKE Phase 1: Key Generation Exchange
The final IKE phase 1 exchange and all IKE phase 2 exchanges will be secured
by these keys. In this way, IKE provides an additional layer of security;
endpoints transmit their authentication information in secured packets, and
secured packets negotiate the IPsec SA itself.
Exchange 3: Authentication. In the third IKE phase 1 exchange, the tunnel
endpoints authenticate each other according to the method agreed upon in
the first exchange.
The method can be:
■ A preshared key—The endpoints exchange a password, which is known
by both.
■ Certificates—The endpoints exchange certificates, which must be
installed before IKE is initiated. Each endpoint’s certificate must be signed
by a CA that is trusted by the other endpoint.
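A worked model of the two exchanges described above (the Diffie-Hellman key generation of exchange 2 and the preshared-key authentication of exchange 3), added here as an example; it is not code from the HP guide or the TMS zl module. It assumes a constructed toy DH group (the prime 2**127-1 with generator 3, not a real IKE MODP group) and an HMAC-SHA256 proof of key knowledge modelled loosely on the SKEYID/HASH_I construction of RFC 2409; both are simplifications for illustration.

```python
import hashlib
import hmac
import os

# Constructed demo group (assumption): Mersenne prime 2**127-1, generator 3.
# Real IKE uses the far larger MODP groups of RFC 2409/3526; these values
# only illustrate the mechanics and offer no real security.
P = 2**127 - 1
G = 3


def dh_keypair():
    """Return (private exponent x, public value g^x mod p); only g^x is sent."""
    x = int.from_bytes(os.urandom(16), "big") % (P - 2) + 2
    return x, pow(G, x, P)


def shared_secret(priv, peer_pub):
    """g^xy mod p, computed locally; this value never crosses the link."""
    return pow(peer_pub, priv, P)


def prf(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 standing in for the prf negotiated in exchange 1."""
    return hmac.new(key, data, hashlib.sha256).digest()


def auth_hash(psk, ni, nr, gxy, gxi, gxr, identity):
    """Proof of PSK knowledge, simplified: SKEYID = prf(psk, Ni|Nr); HASH = prf(SKEYID, ...)."""
    skeyid = prf(psk, ni + nr)
    enc = lambda n: n.to_bytes(16, "big")
    return prf(skeyid, enc(gxi) + enc(gxr) + enc(gxy) + identity)


def run_phase1(psk_initiator, psk_responder):
    """Simulate both endpoints; return (secrets match, responder accepts, secret on wire)."""
    wire = []                                     # everything that crosses the link
    xi, gxi = dh_keypair()
    xr, gxr = dh_keypair()
    ni, nr = os.urandom(16), os.urandom(16)       # nonces
    wire += [gxi, gxr, ni, nr]                    # exchange 2: public values and nonces only
    k_i = shared_secret(xi, gxr)                  # initiator's g^xy
    k_r = shared_secret(xr, gxi)                  # responder's g^xy
    hash_i = auth_hash(psk_initiator, ni, nr, k_i, gxi, gxr, b"initiator")
    wire.append(hash_i)                           # exchange 3: the proof, never the PSK
    expected = auth_hash(psk_responder, ni, nr, k_r, gxi, gxr, b"initiator")
    accepted = hmac.compare_digest(hash_i, expected)
    leaked = k_i in wire or psk_initiator in wire
    return k_i == k_r, accepted, leaked


if __name__ == "__main__":
    print(run_phase1(b"s3cret", b"s3cret"))       # (True, True, False)
```

A mismatched preshared key still yields identical DH secrets on both sides but fails the exchange 3 check, which is why the guide stresses that the key must be known by both endpoints.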