TMS zl Management and Configuration Guide ST.1.2.100916

Virtual Private Networks
IPsec Concepts
Figure 7-7. IKE Phase 2: Security Proposal
When negotiating the IPsec SA, IKE follows much the same process it did in
IKE phase 1. The initiator sends IKE packets (now secured by the IKE SA),
proposing security parameters:
- IPsec SA lifetime—the time in seconds or amount of data in kilobytes before the SA must be renegotiated
- Perfect forward secrecy (PFS) group—an optional setting, required if you want the endpoints to use a new Diffie-Hellman value and exchange to generate keys
- One or more IPsec proposals. Each proposal includes:
    - An authentication algorithm
    - An encryption algorithm (if using ESP)
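The parameters listed above travel inside each ESP transform of the phase 2 proposal as ISAKMP data attributes. The following decoder is an added example, not part of the guide or of the TMS zl software; it assumes the IKEv1 wire encoding and attribute numbers from RFC 2407 and RFC 2408, and the function names and sample bytes are constructed for illustration.

```python
import struct

# Attribute classes and values from the IPsec DOI (RFC 2407, section 4.5).
LIFE_TYPE, LIFE_DURATION, GROUP, ENCAP_MODE, AUTH_ALG = 1, 2, 3, 4, 5
LIFE_UNITS = {1: "seconds", 2: "kilobytes"}
AUTH_NAMES = {1: "HMAC-MD5", 2: "HMAC-SHA"}
ESP_TRANSFORMS = {2: "DES", 3: "3DES", 12: "AES"}  # ESP transform IDs


def parse_attributes(data):
    """Yield (class, int value) from ISAKMP data attributes (RFC 2408, 3.3)."""
    off = 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated attribute header")
        word, second = struct.unpack_from("!HH", data, off)
        off += 4
        if word & 0x8000:            # AF=1: short form, value is in the header
            yield word & 0x7FFF, second
        else:                        # AF=0: long form, 'second' is the length
            if second > len(data) - off:
                raise ValueError("attribute length exceeds payload")
            yield word, int.from_bytes(data[off:off + second], "big")
            off += second


def describe_esp_transform(transform_id, attr_bytes):
    """Map one ESP transform onto the parameters listed in the guide."""
    out = {"encryption": ESP_TRANSFORMS.get(transform_id, transform_id),
           "authentication": None, "pfs_group": None, "lifetimes": []}
    unit = None
    for cls, val in parse_attributes(attr_bytes):
        if cls == LIFE_TYPE:
            unit = LIFE_UNITS.get(val, val)
        elif cls == LIFE_DURATION:
            out["lifetimes"].append((val, unit))   # duration follows its type
        elif cls == GROUP:
            out["pfs_group"] = val                 # absent means no PFS
        elif cls == AUTH_ALG:
            out["authentication"] = AUTH_NAMES.get(val, val)
    return out


# Constructed sample: 3DES + HMAC-SHA, DH group 2, 28800 s and 4608000 KB.
SAMPLE = bytes.fromhex(
    "80010001" "80027080"             # life type seconds, duration 28800
    "80010002" "00020004" "00465000"  # life type kilobytes, duration 4608000
    "80030002" "80040001" "80050002"  # group 2, tunnel mode, HMAC-SHA
)
RESULT = describe_esp_transform(3, SAMPLE)
```

A transform that carries no group attribute decodes with `pfs_group` set to `None`, which corresponds to leaving the optional PFS setting off.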