IPsec
IPsec is composed of a collection of underlying protocols that together provide the overall operation of parameter negotiation, connection establishment, tunnel maintenance, data transmission, and connection teardown.
Three protocols are used in the IPsec architecture to provide key exchange in addition to the integrity, encryption, authentication, and antireplay features discussed earlier:
IKEv1 or IKEv2 is used by IPsec for the exchange of parameters used for key negotiation, the exchange of the derived authentication/encryption keys, and overall establishment of security associations (SA).
Encapsulating Security Payload (ESP) provides a framework for the data integrity, encryption, authentication, and antireplay functions of an IPsec VPN.
Authentication Header (AH) provides a framework for the data integrity, authentication, and antireplay functions. (No encryption is provided when using AH.)
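
How the three protocols look to an on-path observer, as an added example that is not part of the original post. It relies on the standard assignments (ESP is IP protocol 50, AH is IP protocol 51, IKE runs over UDP port 500) and header layouts, which the post does not state; the function name `classify` and the sample payloads are constructed for illustration, and NAT traversal on UDP 4500 is not handled.

```python
import struct

# IANA numbers: ESP = IP protocol 50, AH = IP protocol 51, IKE = UDP port 500.
ESP, AH, UDP, IKE_PORT = 50, 51, 17, 500

def classify(ip_proto: int, payload: bytes) -> dict:
    """Describe what an on-path observer can read from one IP payload."""
    if ip_proto == ESP:
        if len(payload) < 8:
            raise ValueError("truncated ESP header")
        spi, seq = struct.unpack("!II", payload[:8])
        # After SPI and sequence number comes ciphertext: inner protocol is hidden.
        return {"proto": "ESP", "spi": spi, "seq": seq, "inner": None, "cleartext": None}
    if ip_proto == AH:
        if len(payload) < 12:
            raise ValueError("truncated AH header")
        nxt, plen, _, spi, seq = struct.unpack("!BBHII", payload[:12])
        hdr_len = (plen + 2) * 4  # length field is in 32-bit words, minus 2
        if len(payload) < hdr_len:
            raise ValueError("truncated AH ICV")
        # AH authenticates only: inner protocol and data remain readable.
        return {"proto": "AH", "spi": spi, "seq": seq, "inner": nxt,
                "cleartext": payload[hdr_len:]}
    if ip_proto == UDP and len(payload) >= 8 + 28:
        sport, dport = struct.unpack("!HH", payload[:4])
        if IKE_PORT in (sport, dport):
            version = payload[8 + 17]  # IKE header byte 17: major/minor nibbles
            return {"proto": f"IKEv{version >> 4}", "exchange": payload[8 + 18]}
    return {"proto": "other"}

# Constructed sample payloads (not captured traffic).
ESP_PKT = struct.pack("!II", 0x1001, 7) + bytes.fromhex("9f3c6a1be0d24477a5c8")
AH_PKT = struct.pack("!BBHII", 6, 4, 0, 0x2002, 7) + b"\xaa" * 12 + b"GET / HTTP/1.1"
IKE_PKT = (struct.pack("!HHHH", 500, 500, 36, 0) + b"\x11" * 8 + b"\x00" * 8
           + struct.pack("!BBBBII", 33, 0x20, 34, 0x08, 0, 28))

if __name__ == "__main__":
    for proto, pkt in ((ESP, ESP_PKT), (AH, AH_PKT), (UDP, IKE_PKT)):
        print(classify(proto, pkt))
```

Both ESP and AH expose the SPI and the sequence number used for antireplay, but only the AH result carries a readable inner protocol and payload.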