HP VPN Firewall Appliances VPN Configuration Guide
Connection initialization phase
When a client accesses the server for the first time, connection initialization is performed. During the
initialization procedure, the two parties negotiate whether VAM protocol packets should be secured. If so,
they negotiate the packet encryption and integrity verification algorithms, generate the keys, and
acknowledge the negotiated result.
Figure 309 Initialization process
As shown in Figure 309, a client and server take the following steps to initialize the connection:
1. The client sends the server a connection request, which carries the supported encryption and
integrity verification algorithms.
2. Upon receiving the connection request, the server begins to negotiate the algorithms to be used
with the client.
The server first compares the algorithm of the highest priority on its own algorithm list against the
algorithm list of the client. If a match is found, the algorithm is used. If not, the server compares its
next-highest priority algorithm against the list. The operation continues until a match is found or all
the algorithms on the server's algorithm list have been compared.
If a match is found, the server sends the client a connection response, which carries the
negotiation result. At the same time, the server and the client generate the encryption key and
integrity verification key.
3. The client sends an initialization complete packet to the server, so the server can use it to check
whether the algorithm negotiation and key negotiation are successful.
4. Upon receiving the initialization complete packet from the client, the server sends an initialization
complete packet to the client, so the client can use it to check whether the algorithm negotiation
and key negotiation are successful.
After the connection initialization process completes, the client proceeds with the registration phase.
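The priority walk in step 2, as an added example that is not code from the guide or from the VAM implementation. The algorithm names, the spoke names and the independent matching of encryption and integrity lists are assumptions made for illustration; `None` stands for the no-match case, whose handling the guide does not describe here.

```python
from typing import Dict, List, Optional

Prefs = Dict[str, List[str]]  # algorithm kind -> list, highest priority first

def pick(server_list: List[str], client_list: List[str]) -> Optional[str]:
    """Step 2: walk the server's list from highest priority down and return
    the first entry the client also supports, or None when nothing matches."""
    offered = set(client_list)  # the client's own ordering plays no role
    for alg in server_list:
        if alg in offered:
            return alg
    return None

def negotiate(server: Prefs, client: Prefs) -> Dict[str, Optional[str]]:
    """Assumption: each algorithm kind is matched independently."""
    return {kind: pick(server[kind], client.get(kind, [])) for kind in server}

def below_top_choice(server: Prefs, clients: Dict[str, Prefs]):
    """Audit helper: per client, the kinds whose negotiated result is not the
    server's first choice (a weaker match, or None for no match at all)."""
    findings = {}
    for name, offer in clients.items():
        result = negotiate(server, offer)
        weaker = {k: v for k, v in result.items() if v != server[k][0]}
        if weaker:
            findings[name] = weaker
    return findings

# Constructed sample lists (assumed names, not taken from the guide).
SERVER = {"encryption": ["aes-128", "3des", "des"], "integrity": ["sha-1", "md5"]}
HARDENED = {"encryption": ["aes-128"], "integrity": ["sha-1"]}
CLIENTS = {
    "spoke-a": {"encryption": ["des", "aes-128"], "integrity": ["md5", "sha-1"]},
    "spoke-b": {"encryption": ["des"], "integrity": ["md5"]},
}

if __name__ == "__main__":
    for name, offer in CLIENTS.items():
        print(name, negotiate(SERVER, offer))
    print("below top choice:", below_top_choice(SERVER, CLIENTS))
    print("with hardened list:", below_top_choice(HARDENED, CLIENTS))
```

Because the server's list decides the outcome, every entry left on it can become the negotiated algorithm for a client that offers nothing stronger; trimming the list turns that case into a failed match.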