
Wednesday, 10 June 2015

VPN TERMINOLOGY IKE V1

IKEv1


IKEv1 provides a framework for the parameter negotiation and key exchange between VPN peers for the correct establishment of an SA. However, the actual processes of key exchange and parameter negotiation are carried out by two protocols used by IKEv1:

- Internet Security Association and Key Management Protocol (ISAKMP)
- Oakley

ISAKMP takes care of parameter negotiation between peers (for example, DH groups, lifetimes, encryption [if required], and authentication). The process of negotiating these parameters between peers is required for the successful establishment of SAs. After an SA has been established, ISAKMP defines the procedures followed for correct maintenance and removal of the SA during connection termination.


Oakley provides the key-exchange function between peers using the DH protocol. DH is an asymmetric protocol, meaning each peer uses its own pair of keys for communications establishment and operation between peers. However, the private keys are never exchanged, providing a much higher level of security than symmetric protocols (DES, 3DES, and so on) that require both peers to use the same keys for operation. After both peers have established their shared communication path, they can proceed to exchange the keys used by the various symmetric protocols for authentication and encryption purposes.
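The following added example (not from the original post or any IKE implementation) models the two peers of the Oakley exchange described above: each keeps its private exponent, only the public DH values, nonces and ISAKMP cookies cross the wire, and both sides arrive at the same g^xy, from which a symmetric key is then derived using the SKEYID_d construction RFC 2409 specifies for pre-shared-key authentication. The modulus P, generator G and pre-shared key are constructed toy values for readability, not a real IKE DH group.

```python
import hashlib
import hmac
import secrets

# Toy MODP group constructed for this demo (not a real IKE DH group; far too small).
P = 2**127 - 1   # prime
G = 3


class Peer:
    """One VPN peer's side of the Oakley (Diffie-Hellman) exchange."""

    def __init__(self, name):
        self.name = name
        self.priv = secrets.randbelow(P - 2) + 1  # x: never leaves this peer
        self.pub = pow(G, self.priv, P)           # g^x: the only DH value sent
        self.nonce = secrets.token_bytes(16)
        self.cookie = secrets.token_bytes(8)      # ISAKMP cookie

    def shared_secret(self, peer_pub):
        # g^xy, computed locally from own private value; it is never transmitted
        return pow(peer_pub, self.priv, P)


def prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def skeyid_d(psk, ni, nr, gxy, cky_i, cky_r):
    """SKEYID_d as RFC 2409 derives it under pre-shared-key authentication:
    SKEYID = prf(psk, Ni | Nr); SKEYID_d = prf(SKEYID, g^xy | CKY-I | CKY-R | 0)."""
    skeyid = prf(psk, ni + nr)
    return prf(skeyid, gxy + cky_i + cky_r + b"\x00")


def run_exchange(psk=b"constructed-demo-psk"):
    i, r = Peer("initiator"), Peer("responder")
    # Everything that crosses the network during the exchange is recorded here.
    wire = [i.pub, i.nonce, i.cookie, r.pub, r.nonce, r.cookie]
    gxy_i = i.shared_secret(r.pub).to_bytes(16, "big")
    gxy_r = r.shared_secret(i.pub).to_bytes(16, "big")
    key_i = skeyid_d(psk, i.nonce, r.nonce, gxy_i, i.cookie, r.cookie)
    key_r = skeyid_d(psk, i.nonce, r.nonce, gxy_r, i.cookie, r.cookie)
    # Values that must never appear on the wire: private exponents and g^xy.
    secret_values = [i.priv, r.priv, int.from_bytes(gxy_i, "big")]
    return key_i, key_r, wire, secret_values


if __name__ == "__main__":
    ki, kr, wire, sv = run_exchange()
    print("keys match:", ki == kr, "| secrets on wire:", any(s in wire for s in sv))
```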
