Chapter 26. Using IPsec with IPv6
© Copyright Lenovo 2015
Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol
(IP) communications by authenticating and encrypting each IP packet of a
communication session. IPsec also includes protocols for establishing mutual
authentication between agents at the beginning of the session and negotiation of
cryptographic keys to be used during the session.
Since IPsec was implemented in conjunction with IPv6, all implementations of
IPv6 must contain IPsec. To support the National Institute of Standards and
Technology (NIST) recommendations for IPv6 implementations, Lenovo N/OS
IPv6 feature compliance has been extended to include the following IETF RFCs,
with an emphasis on IP Security (IPsec) and Internet Key Exchange version 2, and
authentication/confidentiality for OSPFv3:
RFC 4301 for IPv6 security
RFC 4302 for the IPv6 Authentication Header
RFCs 2404, 2410, 2451, 3602, and 4303 for IPv6 Encapsulating Security Payload
(ESP), including NULL encryption, CBC‐mode 3DES and AES ciphers, and
HMAC‐SHA‐1‐96.
RFCs 4306, 4307, 4718, and 4835 for IKEv2 and cryptography
RFC 4552 for OSPFv3 IPv6 authentication
RFC 5114 for Diffie‐Hellman groups
Note: This implementation of IPsec supports DH groups 1, 2, 5, 14, and 24.
The following topics are discussed in this chapter:
"IPsec Protocols" on page
"Using IPsec with the CN4093" on page 377
376
375