Table of Contents
Advertisement
■IKEv2
[IKEv2 overview]
IKEv2 features will be outlined for those using IKEv1. IKEv2 is not compatible with IKEv1 and the terms used are
different.
ISAKMP-SA, IPsec-SA equivalent functions are KE-SA and Child-SA respectively.
Hash algorithm is equivalent to authentication algorithm and a pseudo-random number algorithm.
The concept of main mode and aggressive mode is removed and operation is shared.
Phase1-ID, Phase2-ID are also shared, and only a pair of local-ID and remote-ID are obtained.
[Key Management Method]
IKEv2 requires a pre-shared key for the device and a pre-shared key setting for the remote device.
*In the case of IKEV1, use a common pre-shared key on local device and the remote device.
Protected with
IKE_SA
Protect with
CHILD_SA
[IKEv2 Sequence]
●IKE_SA_INIT exchange
●IKE_AUTH exchange
[Connection method]
To create an IPsec tunnel, continuous and on-demand connection can be selected.
By associating with "Rekey" setting, the following three setting patterns can be set from Web setting:
Initiator
IKE_SA_INIT Exchange (request)
IKE_SA_INIT Exchange (response)
IKE_AUTH Exchange (request)
IKE_AUTH Exchange (response)
: IKE_SA negotiation and private key sharing
: Peer authentication CHILD_SA negotiation
User Traffic
Responder
|Function Specification
105
Advertisement
Table of Contents
