NEC ZA-SA3500G Function Manual page 107

[IKE extension]
IKE SA deletion
Before an IKE SA is deleted, a DELETE message (DELETE PAYLOAD) is sent to the other end so that the IKE SA
paired with it at the other end can also be deleted.
INITIAL-CONTACT
Sent at the start of IKE Phase 1 to notify the other system that this is the first IPsec connection with it.
The receiver of INITIAL-CONTACT may consider that the IPsec connection with the sender has been lost, and delete
its IPsec SA with the sender.
Keepalive
The DPD (Dead Peer Detection) keepalive method is supported for monitoring the IKE SA.
[IPsec extension]
TCP MSS rewriting
If the IP packets passing through the IPsec tunnel are TCP, the TCP MSS value of the SYN packet is rewritten.
Anti-replay function
In IPsec, the sequence number of received packets is monitored, and duplicate packets are discarded to protect
against replay attacks. The anti-replay function is always enabled.
[Others]
NAT/NAPT simultaneous operation (Split operation)
[IPsec parameter list]
IKEv1
| Item | Sub-item | Function |
|---|---|---|
| Key exchange method | | Automatic key (Key exchange protocol: IKEv1) |
| Exchange type | | Main mode, aggressive mode, and quick mode |
| Relationship of IKE SA and IPsec SA | | Continuous-Channel SA type |
| Authentication method | | Pre-key sharing method (pre-shared Key) |
| Supported algorithm | Encryption | 3DES, AES-128, AES-192, AES-256 |
| Supported algorithm | Authentication | HMAC-MD5, HMAC-SHA-1, HMAC-SHA-2-256 |
| DH group | | 768bit (group1), 1024bit (group2), 1536bit (group5), 2048bit (group14) |
| IKE ID authentication | | Local ID, remote ID (IPv4 address, FQDN, Key-ID, and user-FQDN) |
| IKE connection | | Retransmission interval specification, retransmission frequency specification |
| SA | Lifetime | Time setting |
| SA | Rekey timing | Remaining time setting |