TMS zl Management and Configuration Guide ST.1.0.090213

Virtual Private Networks
IPsec VPNs
IKE Phase 1. During phase 1, IKE must complete three tasks:
• Negotiate security parameters for the IKE SA
• Generate the keys used to secure data sent over the IKE SA
• Authenticate the endpoints of the tunnel (the two hosts)
Therefore, IKE phase 1 typically involves three exchanges between hosts, or six total messages.
Exchange 1: Security parameters. In the first exchange, the endpoint that initiates the VPN connection sends a message to the remote endpoint with one or more security proposals. Each proposal specifies one option for each of these parameters:
Authentication algorithm:
• MD5
• SHA-1
Encryption algorithm:
• DES
• 3DES
• AES with 128, 192, or 256-bit keys
Authentication method:
• Preshared key
• Certificates (Digital Signature Algorithm [DSA] or Rivest-Shamir-Adleman [RSA] Signature)
Diffie-Hellman group:
• Group 1 (768-bit)
• Group 2 (1024-bit)
• Group 5 (1536-bit)
SA lifetime in seconds
You will specify these proposals in an IKE policy.
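The following is an added example, not code from the guide or the TMS zl product, that models the responder side of exchange 1: the initiator offers an ordered list of proposals built from the parameters above, and the responder accepts the first one that matches an entry in its own IKE policy. The class and field names are assumptions for illustration, and the weak-algorithm screen is an added defender's check that the guide itself does not describe.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed model of one IKE phase-1 proposal (field names are assumed, not TMS zl CLI terms).
@dataclass(frozen=True)
class IkeProposal:
    auth_alg: str      # "MD5" or "SHA-1"
    enc_alg: str       # "DES", "3DES", "AES-128", "AES-192", "AES-256"
    auth_method: str   # "PSK", "RSA-SIG", "DSA-SIG"
    dh_group: int      # 1 (768-bit), 2 (1024-bit), 5 (1536-bit)
    lifetime: int      # SA lifetime in seconds

# Options a defender should refuse even if the peer offers them (added check, not from the guide).
WEAK_AUTH = {"MD5"}
WEAK_ENC = {"DES"}
WEAK_DH = {1}

def is_weak(p: IkeProposal) -> bool:
    return p.auth_alg in WEAK_AUTH or p.enc_alg in WEAK_ENC or p.dh_group in WEAK_DH

def select_proposal(offered: List[IkeProposal], policy: List[IkeProposal]) -> Optional[IkeProposal]:
    """Walk the initiator's proposals in the order offered and accept the first whose
    algorithms, authentication method and DH group match a local policy entry.
    The agreed lifetime is the shorter of the two; the responder never extends it."""
    for offer in offered:
        if is_weak(offer):
            continue  # screened out before any policy match is attempted
        for local in policy:
            if (offer.auth_alg, offer.enc_alg, offer.auth_method, offer.dh_group) == \
               (local.auth_alg, local.enc_alg, local.auth_method, local.dh_group):
                return IkeProposal(offer.auth_alg, offer.enc_alg, offer.auth_method,
                                   offer.dh_group, min(offer.lifetime, local.lifetime))
    return None  # no acceptable proposal: phase 1 fails at exchange 1

# Constructed sample: the initiator lists its strongest proposal last, so ordering decides the outcome.
INITIATOR_OFFERS = [
    IkeProposal("MD5", "DES", "PSK", 1, 86400),
    IkeProposal("SHA-1", "3DES", "PSK", 2, 86400),
    IkeProposal("SHA-1", "AES-256", "RSA-SIG", 5, 28800),
]
RESPONDER_POLICY = [
    IkeProposal("SHA-1", "AES-256", "RSA-SIG", 5, 3600),
    IkeProposal("SHA-1", "3DES", "PSK", 2, 3600),
]

if __name__ == "__main__":
    print(select_proposal(INITIATOR_OFFERS, RESPONDER_POLICY))
```

With the sample above the responder settles on SHA-1/3DES/PSK/group 2 rather than the AES-256 proposal, because the initiator listed 3DES first; put the strongest proposal first in the IKE policy if you want it chosen.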