TMS zl Management and Configuration Guide ST.1.0.090213
7-10
Virtual Private Networks
IPsec VPNs
Figure 7-3. IKE Phase 1: Security Parameters Exchange
The remote endpoint searches its IKE policies for one that specifies the other
endpoint and that includes an identical security proposal. When it finds a
match, the remote endpoint returns these security parameters to the original
endpoint.
If the remote endpoint cannot find a match, IKE phase 1 fails and the VPN
connection is never established. This is why it is very important that the
IKE policies at both ends of the connection match in every parameter of the
security proposal, not just in the choice of peer.
Exchange 2: Key generation. You will recall that an SA specifies authentication
and encryption keys for transforming traffic. When you use IKE, you only need
to configure the algorithms, which IKE negotiates in the first exchange. Using
the Diffie-Hellman Key Agreement Protocol, IKE generates the actual keys for
you in the second exchange of IKE phase 1. This protocol is a secure method for
generating unique, shared keys without sending them over the connection, so an
eavesdropper who captures the exchange does not learn the keys. Note that
Diffie-Hellman on its own only protects the keys from interception; it does not
prove who the other endpoint is, which is why phase 1 still authenticates the
peer after the keys exist.
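The two exchanges described above, as an added worked example in Python (this is illustrative code written for this page, not ProCurve or TMS zl code). It models exchange 1 as the responder looking for a proposal identical to one in its own policy, and exchange 2 as both peers running Diffie-Hellman in the negotiated group, so that they end with the same secret even though only the public values g^x and g^y crossed the wire. The group parameters are IKE group 2 (the 1024-bit MODP prime from RFC 2409 with generator 2); the `Proposal` fields, the `run_phase1` driver and the simplified `derive_key` step (which hashes g^xy with the negotiated hash rather than performing the full RFC 2409 SKEYID derivation) are assumptions made for the illustration. The primality check is included because hard-coded group parameters are worth verifying before use.

```python
"""Toy model of IKE phase 1, exchanges 1 and 2 (illustrative example, not vendor code).

Exchange 1: the responder looks for an identical proposal in its own IKE policy.
Exchange 2: both peers run Diffie-Hellman in the negotiated group and reach the
same shared secret although only the public values were sent over the link.
"""
import hashlib
import secrets
from dataclasses import dataclass

# 1024-bit MODP prime of IKE Diffie-Hellman group 2 (RFC 2409, section 6.2); generator 2.
MODP_1024 = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 FFFFFFFF FFFFFFFF
""".split()), 16)
DH_GROUPS = {2: (MODP_1024, 2)}  # group number -> (prime p, generator g)


@dataclass(frozen=True)
class Proposal:
    """One security proposal. Field set is an assumption for this example."""
    encryption: str  # e.g. "aes128"
    hash_alg: str    # hashlib name, e.g. "sha1"
    dh_group: int    # IKE Diffie-Hellman group number
    auth: str        # e.g. "psk"
    lifetime: int    # seconds


def select_proposal(initiator_proposals, responder_policy):
    """Exchange 1: return the first initiator proposal that is identical to one
    the responder is configured with, or None (which means phase 1 fails)."""
    for proposal in initiator_proposals:
        if proposal in responder_policy:
            return proposal
    return None


def is_probable_prime(n, rounds=16):
    """Miller-Rabin sanity check, used here to verify the hard-coded group prime."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def dh_keypair(group):
    """Pick a random private exponent in [2, p-2] and compute the public value g^x mod p."""
    p, g = DH_GROUPS[group]
    x = secrets.randbelow(p - 3) + 2
    return x, pow(g, x, p)


def dh_shared_secret(group, private, peer_public):
    """Compute (g^y)^x mod p, rejecting degenerate public values (0, 1, p-1)
    that would force a trivial shared secret."""
    p, _ = DH_GROUPS[group]
    if not 1 < peer_public < p - 1:
        raise ValueError("peer public value outside (1, p-1); refusing degenerate DH")
    return pow(peer_public, private, p)


def derive_key(proposal, shared_secret):
    """Simplified stand-in for IKE's SKEYID derivation: hash g^xy with the
    negotiated hash. RFC 2409 additionally mixes in nonces and cookies via a PRF."""
    length = (shared_secret.bit_length() + 7) // 8
    return hashlib.new(proposal.hash_alg, shared_secret.to_bytes(length, "big")).hexdigest()


def run_phase1(initiator_proposals, responder_policy):
    """Run exchange 1 then exchange 2; return None when no identical proposal exists."""
    proposal = select_proposal(initiator_proposals, responder_policy)
    if proposal is None:
        return None
    x_i, pub_i = dh_keypair(proposal.dh_group)  # initiator's private/public pair
    x_r, pub_r = dh_keypair(proposal.dh_group)  # responder's private/public pair
    # Everything an eavesdropper sees: the group and the two public values.
    observable = {"group": proposal.dh_group, "g^xi": pub_i, "g^xr": pub_r}
    secret_i = dh_shared_secret(proposal.dh_group, x_i, pub_r)
    secret_r = dh_shared_secret(proposal.dh_group, x_r, pub_i)
    return {
        "proposal": proposal,
        "observable": observable,
        "initiator_key": derive_key(proposal, secret_i),
        "responder_key": derive_key(proposal, secret_r),
    }


if __name__ == "__main__":
    # Constructed sample policies: the responder accepts only AES-128/SHA-1/group 2/PSK.
    accepted = Proposal("aes128", "sha1", 2, "psk", 28800)
    mismatch = Proposal("3des", "md5", 2, "psk", 28800)
    print("mismatched policies ->", run_phase1([mismatch], {accepted}))
    result = run_phase1([mismatch, accepted], {accepted})
    print("negotiated:", result["proposal"])
    print("keys agree:", result["initiator_key"] == result["responder_key"])
```

Running the block shows the first negotiation failing (no identical proposal) and the second succeeding with both sides deriving the same key, while `result["observable"]` contains only what a packet capture would reveal. The degenerate-value check in `dh_shared_secret` is the kind of caveat a practitioner adds: a peer (or an on-path attacker) that sends 1 or p-1 as its public value would otherwise force a predictable shared secret.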