TMS zl Management and Configuration Guide ST.1.1.100430

Virtual Private Networks
IPsec Concepts
Figure 7-4. IKE Phase 1: Key Generation Exchange
The final IKE phase 1 exchange and all IKE phase 2 exchanges will be secured
by these keys. In this way, IKE provides an additional layer of security;
endpoints transmit their authentication information in secured packets, and
secured packets negotiate the IPsec SA itself.
Exchange 3: Authentication. In the third IKE phase 1 exchange, the tunnel
endpoints authenticate each other according to the method agreed upon in the
first exchange.
The method can be:
A preshared key—The endpoints exchange a password, which is known by both.
Certificates—The endpoints exchange certificates, which must be installed before IKE initiates. Each endpoint’s certificate must be signed by a CA that is trusted by the other endpoint.
Figure 7-5. IKE Phase 1: Authentication
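
An added example, not taken from this guide: in IKEv1 main mode as specified in RFC 2409, preshared-key authentication in the third exchange has each endpoint send a hash keyed with the shared secret, which the peer recomputes and compares. The prf choice (HMAC-SHA1), the function names and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac


def prf(key: bytes, data: bytes) -> bytes:
    # Assumption: the hash negotiated in exchange 1 is SHA-1, so prf = HMAC-SHA1.
    return hmac.new(key, data, hashlib.sha1).digest()


def skeyid_psk(psk: bytes, ni_b: bytes, nr_b: bytes) -> bytes:
    # RFC 2409, section 5: SKEYID = prf(pre-shared-key, Ni_b | Nr_b)
    return prf(psk, ni_b + nr_b)


def auth_hash(skeyid, own_ke, peer_ke, own_cky, peer_cky, sai_b, own_id_b):
    # HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b)
    # HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b)
    # Both have the same shape: the sender's own values first, then the peer's.
    return prf(skeyid, own_ke + peer_ke + own_cky + peer_cky + sai_b + own_id_b)


# Constructed values standing in for what exchanges 1 and 2 produced
# (nonces, Diffie-Hellman public values, cookies, SA payload, identities).
T = {
    "ni": bytes(range(16)), "nr": bytes(range(16, 32)),
    "g_xi": b"\x02" * 128, "g_xr": b"\x03" * 128,
    "cky_i": b"I" * 8, "cky_r": b"R" * 8,
    "sai_b": b"constructed-SA-payload-body",
    "idii": b"constructed-initiator-id", "idir": b"constructed-responder-id",
}


def initiator_hash(psk: bytes) -> bytes:
    s = skeyid_psk(psk, T["ni"], T["nr"])
    return auth_hash(s, T["g_xi"], T["g_xr"], T["cky_i"], T["cky_r"],
                     T["sai_b"], T["idii"])


def responder_hash(psk: bytes) -> bytes:
    s = skeyid_psk(psk, T["ni"], T["nr"])
    return auth_hash(s, T["g_xr"], T["g_xi"], T["cky_r"], T["cky_i"],
                     T["sai_b"], T["idir"])


def responder_verifies(psk: bytes, received_hash_i: bytes) -> bool:
    # The responder recomputes HASH_I from its own copy of the key and compares
    # in constant time; a mismatch means the two configured keys differ.
    return hmac.compare_digest(initiator_hash(psk), received_hash_i)


if __name__ == "__main__":
    sent = initiator_hash(b"constructed-psk")
    print(responder_verifies(b"constructed-psk", sent))
    print(responder_verifies(b"wrong-psk", sent))
```

Because the nonces from the second exchange feed SKEYID, the hashes differ for every negotiation even though the configured key stays the same.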