TMS zl Management and Configuration Guide ST.1.0.090213
7-11
Virtual Private Networks
IPsec VPNs
Figure 7-4. IKE Phase 1: Key Generation Exchange
The final IKE phase 1 exchange and all IKE phase 2 exchanges will be secured
by these keys. In this way, IKE provides an additional layer of security;
endpoints transmit their authentication information in secured packets, and
secured packets negotiate the IPsec SA itself.
Exchange 3: Authentication. In the third IKE phase 1 exchange, the tunnel
endpoints authenticate each other according to the method agreed upon in
the first exchange.
The method can be:
■ A preshared key—a password known by both endpoints
■ Certificates—certificates installed on the endpoints before the connection is initiated
Figure 7-5. IKE Phase 1: Authentication
The tunnel endpoints also check each other’s IDs. When you set up an IKE
policy, you specify the TMS zl Module’s local ID and the remote ID that it
expects from the remote VPN gateway or client.
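The following is an added example, not code from this guide or from the TMS zl Module, modeling the three phase 1 exchanges described above for the preshared-key method. It follows the IKEv1 main-mode key and hash derivation of RFC 2409 (SKEYID from the PSK and nonces, SKEYID_e protecting exchange 3, HASH_I/HASH_R over the DH values, cookies, SA and ID). The Diffie-Hellman group, the XOR keystream "cipher", the SA proposal string, the IDs and the `Peer`/`run_phase1` names are constructed for illustration and are not secure parameters. It shows what the text describes: exchange 3 travels encrypted under keys from exchange 2, a wrong preshared key fails the hash check, and a correct key with an unexpected remote ID still fails the policy's ID check.

```python
"""Toy model of IKEv1 phase 1 (main mode) with preshared-key authentication.
Constructed illustration, not the TMS zl Module's own code. The DH group and
the "cipher" are deliberately tiny stand-ins and must not be reused."""
import hashlib
import hmac
import secrets

# Constructed toy Diffie-Hellman parameters (far too small for real use).
P = (1 << 61) - 1
G = 2
SA_PROPOSAL = b"psk;hmac-sha256;toy-dh"   # what exchange 1 agrees on (constructed)


def prf(key: bytes, data: bytes) -> bytes:
    """The IKE 'prf', here HMAC-SHA256 as if negotiated in exchange 1."""
    return hmac.new(key, data, hashlib.sha256).digest()


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with an HMAC counter keystream (the same call
    decrypts). Real IKE uses the negotiated cipher, e.g. AES-CBC."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = prf(key, off.to_bytes(4, "big"))
        out.extend(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)


def i2b(n: int) -> bytes:
    return n.to_bytes(8, "big")


class Peer:
    """One tunnel endpoint and its IKE policy: PSK, local ID, expected remote ID."""

    def __init__(self, psk: bytes, local_id: bytes, expected_remote_id: bytes):
        self.psk, self.local_id, self.expected_remote_id = psk, local_id, expected_remote_id
        self.cookie = secrets.token_bytes(8)
        self.nonce = secrets.token_bytes(16)
        self.x = secrets.randbelow(P - 2) + 1   # DH private exponent
        self.gx = pow(G, self.x, P)              # DH public value sent in exchange 2

    def derive_keys(self, peer_gx: int, cky_i: bytes, cky_r: bytes, ni: bytes, nr: bytes):
        """RFC 2409 section 5: with PSK, SKEYID = prf(psk, Ni|Nr); SKEYID_e keys exchange 3."""
        gxy = i2b(pow(peer_gx, self.x, P))
        self.skeyid = prf(self.psk, ni + nr)
        skeyid_d = prf(self.skeyid, gxy + cky_i + cky_r + b"\x00")
        skeyid_a = prf(self.skeyid, skeyid_d + gxy + cky_i + cky_r + b"\x01")
        self.skeyid_e = prf(self.skeyid, skeyid_a + gxy + cky_i + cky_r + b"\x02")

    def auth_payload(self, my_gx: int, peer_gx: int, cky_a: bytes, cky_b: bytes) -> bytes:
        """Exchange 3 message: ID and HASH (RFC 2409 section 5.4), encrypted under SKEYID_e."""
        h = prf(self.skeyid, i2b(my_gx) + i2b(peer_gx) + cky_a + cky_b + SA_PROPOSAL + self.local_id)
        return xor_stream(self.skeyid_e, bytes([len(self.local_id)]) + self.local_id + h)

    def verify_auth(self, msg: bytes, peer_gx: int, my_gx: int, cky_a: bytes, cky_b: bytes):
        """Decrypt, verify the peer's HASH (proves it holds the PSK), then apply the ID policy."""
        pt = xor_stream(self.skeyid_e, msg)
        id_len = pt[0] if pt else 0
        peer_id, h = pt[1:1 + id_len], pt[1 + id_len:]
        expected = prf(self.skeyid, i2b(peer_gx) + i2b(my_gx) + cky_a + cky_b + SA_PROPOSAL + peer_id)
        if not hmac.compare_digest(h, expected):
            return False, "HASH verification failed (PSK mismatch or tampering)"
        if peer_id != self.expected_remote_id:
            return False, "remote ID mismatch: got %r" % peer_id
        return True, "authenticated"


def run_phase1(init: Peer, resp: Peer):
    """Drive the three main-mode exchanges; returns (ok, reason)."""
    # Exchange 1 (clear): cookies and SA proposal. Exchange 2 (clear): DH values and nonces.
    ni, nr, cky_i, cky_r = init.nonce, resp.nonce, init.cookie, resp.cookie
    init.derive_keys(resp.gx, cky_i, cky_r, ni, nr)
    resp.derive_keys(init.gx, cky_i, cky_r, ni, nr)
    # Exchange 3 (protected by SKEYID_e): initiator authenticates first, then responder.
    msg_i = init.auth_payload(init.gx, resp.gx, cky_i, cky_r)
    ok, why = resp.verify_auth(msg_i, init.gx, resp.gx, cky_i, cky_r)
    if not ok:
        return False, "responder rejected initiator: " + why
    msg_r = resp.auth_payload(resp.gx, init.gx, cky_r, cky_i)
    ok, why = init.verify_auth(msg_r, resp.gx, init.gx, cky_r, cky_i)
    if not ok:
        return False, "initiator rejected responder: " + why
    return True, "phase 1 complete; SKEYID_d can now derive phase 2 keys"


if __name__ == "__main__":
    gw_a = Peer(b"s3cret", b"gw-a.example", b"gw-b.example")   # constructed policy
    gw_b = Peer(b"s3cret", b"gw-b.example", b"gw-a.example")
    print(run_phase1(gw_a, gw_b))
```

Because both sides must hold the same preshared key to derive SKEYID, a peer with the wrong key cannot even decrypt exchange 3 correctly, let alone produce a valid HASH; and because the policy compares the decrypted ID with the configured remote ID, a peer that knows the key but presents a different identity is still rejected.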