HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual page 396


Virtual Private Networks
Overview
8-10
[Figure: two routers exchange IKE phase 1 messages across the Internet. (1) Security proposals for IKE SA; (2) matching proposal; both compute Diffie-Hellman public value; (3) and (4) Diffie-Hellman public value; both compute encryption and authentication keys; (5) and (6) authentication information (encrypted).]
Figure 8-2. IKE Phase 1
Authentication. In the third IKE phase 1 exchange, hosts confirm each other's identities according to the method agreed upon in the first exchange. The method can be:
- preshared keys
- digital certificates

Preshared keys are symmetric. Hosts using preshared keys have determined the same secret value beforehand. They now exchange this value to authenticate each other, and the IKE SA is established.
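
The following Python model of exchanges 2 and 3 with a preshared key is an added example, not taken from the manual or from the router's software. It follows the key derivation of RFC 2409 (IKEv1), in which each peer proves knowledge of the preshared key by sending a keyed hash (HASH_I) computed from it. HMAC-SHA256 as the PRF, the SA bytes, the identity string and the key values are assumptions, and the encryption of exchange 3 is left out.

```python
import hashlib, hmac, secrets

# 1024-bit MODP prime of Oakley Group 2 (RFC 2409); generator is 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2

def prf(key, data):
    # Assumption: HMAC-SHA256 stands in for the hash negotiated in exchange 1.
    return hmac.new(key, data, hashlib.sha256).digest()

def i2b(n):
    return n.to_bytes(128, "big")  # fixed-width encoding of a group element

def derive(psk, gxy, cky_i, cky_r, n_i, n_r):
    """SKEYID and the authentication/encryption keys, per RFC 2409 section 5."""
    skeyid = prf(psk, n_i + n_r)
    tail = gxy + cky_i + cky_r
    skeyid_d = prf(skeyid, tail + b"\x00")
    skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01")
    skeyid_e = prf(skeyid, skeyid_a + tail + b"\x02")
    return skeyid, skeyid_a, skeyid_e

def phase1(psk_i, psk_r, sa=b"constructed-SA-proposal"):
    """Model exchanges 2 and 3; returns (keys_match, auth_ok)."""
    cky_i, cky_r = secrets.token_bytes(8), secrets.token_bytes(8)
    n_i, n_r = secrets.token_bytes(16), secrets.token_bytes(16)
    x_i, x_r = (secrets.randbelow(P - 3) + 2 for _ in range(2))
    pub_i, pub_r = pow(G, x_i, P), pow(G, x_r, P)  # public values on the wire
    # Each side combines its own private value with the peer's public value.
    gxy_i, gxy_r = i2b(pow(pub_r, x_i, P)), i2b(pow(pub_i, x_r, P))
    keys_i = derive(psk_i, gxy_i, cky_i, cky_r, n_i, n_r)
    keys_r = derive(psk_r, gxy_r, cky_i, cky_r, n_i, n_r)
    # Exchange 3: initiator sends HASH_I; responder recomputes it with its SKEYID.
    msg = i2b(pub_i) + i2b(pub_r) + cky_i + cky_r + sa + b"initiator.example"
    hash_i = prf(keys_i[0], msg)
    auth_ok = hmac.compare_digest(hash_i, prf(keys_r[0], msg))
    return keys_i == keys_r, auth_ok

if __name__ == "__main__":
    print(phase1(b"constructed-psk", b"constructed-psk"))  # same key on both hosts
    print(phase1(b"constructed-psk", b"other-psk"))        # mismatched keys
```

A mismatched preshared key changes SKEYID on one side, so the derived keys differ and the responder's recomputed hash does not match the one it received.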

Digital certificates use asymmetric keys. That is, each host receives two keys from a certificate authority (CA)—one to encrypt data and one to decrypt data. The host's private key encrypts data, which can then only be decrypted with that host's public key.

When authenticating itself, a host sends a certificate containing its identification information, its public key, and its CA's digital signature. The host then appends its own digital signature to the certificate, which it generates by hashing the certificate and encrypting it with its private key. The remote host


This manual is also suitable for:

Procurve secure router 7102 dl
