LevelOne GBR-4001 User Manual page 142

4-WAN Gigabit Broadband VPN Router
The first exchange (messages 1 and 2): proposes and accepts the encryption and authentication
algorithms for the IKE SA.
The second exchange (messages 3 and 4): performs the Diffie-Hellman exchange; the initiator and the
responder each send their DH public value together with a nonce (a freshly generated random number).
The third exchange (messages 5 and 6): each side sends its identity and verifies the other's.
The information sent in the third exchange is protected by the keys and encryption algorithm
established in the first two exchanges, so the participants' identities never cross the network in
cleartext. This is what gives main mode its identity protection.
In aggressive mode the initiator and the responder achieve the same objectives, but in only two
exchanges with a total of three messages:
The first message: the initiator proposes the SA, starts the Diffie-Hellman exchange, and sends its
DH public value, a nonce and its IKE identity.
The second message: the responder accepts the SA, authenticates the initiator, sends its DH public
value, a nonce and its IKE identity, and sends the responder's certificate (if certificates are
used).
The third message: the initiator authenticates the responder and confirms the exchange.
Because the participants' identities are exchanged in cleartext (in the first two messages),
aggressive mode provides no identity protection. With pre-shared-key authentication the
responder's authentication hash in the second message is also sent unencrypted, and every other
input to that hash is visible on the wire, so a passive eavesdropper can test candidate pre-shared
keys against it offline; if aggressive mode cannot be avoided, use a long random pre-shared key.
Tip:
When the remote peer connects to the local gateway from a dynamically assigned IP address,
aggressive mode must be used for the negotiation: in main mode with pre-shared keys the responder
has to select the key by the peer's IP address before the identity payload arrives, which is
impossible when that address is not known in advance.
Diffie-Hellman Exchange
A Diffie-Hellman exchange (DH exchange) lets both parties generate a shared secret key. Its
advantage is that the key can be created over an insecure medium without the key itself ever being
transmitted: each side sends only a public value, and the shared secret is computed locally from
the peer's public value and a private exponent that never leaves the host. Five basic DH groups
were defined for IKE (the device supports Group 2 and Group 5); they differ in the size of the
prime modulus used in the calculation:
DH Group 2: 1024-bit modulus
DH Group 5: 1536-bit modulus
The larger the modulus, the harder the generated key is to recover, but the longer the key
generation takes. A 1024-bit modulus is considered weak by current standards, so prefer Group 5
whenever the peer supports it.
Tip:
Since each DH group uses a different modulus, both ends of the IPSec tunnel must be configured with
the same group, otherwise the negotiation fails.
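The exchange described above, as an added example that is not code from the LevelOne manual or the router's firmware: both peers generate a private exponent and a nonce, put only their public values on the wire, and derive the same secret. The moduli are the published RFC 2409 Group 2 and RFC 3526 Group 5 primes; the `DHParty` class, the `negotiate` helper and the sanity checks are this example's own (Python 3 standard library only). It also shows what the tip above warns about: when the two ends use different groups the public values no longer fit the peer's modulus and no common key results.

```python
"""Added example, not code from the LevelOne manual: an IKE Phase 1 style
Diffie-Hellman exchange over the two MODP groups the GBR-4001 supports,
Group 2 (1024-bit, RFC 2409 section 6.2) and Group 5 (1536-bit, RFC 3526
section 2)."""
import secrets
import time

GENERATOR = 2  # both groups use g = 2

# Prime moduli as published in the RFCs (hex, 32-bit words for readability).
MODP_GROUPS = {
    2: int((
        "FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74 "
        "020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437 "
        "4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED "
        "EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 FFFFFFFF FFFFFFFF"
    ).replace(" ", ""), 16),
    5: int((
        "FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74 "
        "020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437 "
        "4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED "
        "EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05 "
        "98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB "
        "9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA237327 FFFFFFFF FFFFFFFF"
    ).replace(" ", ""), 16),
}


def is_probable_prime(n, rounds=20):
    """Miller-Rabin test, used here only to sanity-check the group constants."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def is_safe_prime(p):
    """The RFC groups are safe primes: p and (p-1)/2 are both prime."""
    return is_probable_prime(p) and is_probable_prime((p - 1) // 2)


class DHParty:
    """One IKE peer's half of the exchange (example class, not a real IKE API).
    The private exponent never leaves the object; only `public` goes on the wire."""

    def __init__(self, group):
        self.group = group
        self.p = MODP_GROUPS[group]
        self._priv = secrets.randbelow(self.p - 3) + 2      # 2 .. p-2, kept secret
        self.public = pow(GENERATOR, self._priv, self.p)    # sent in the KE payload
        self.nonce = secrets.token_bytes(16)                # fresh random number

    def shared_secret(self, peer_public):
        # Values outside (1, p-1) are invalid for this group: they either do not
        # belong to it or force a trivial secret, so reject them before use.
        if not 1 < peer_public < self.p - 1:
            raise ValueError("peer DH public value out of range for this group")
        return pow(peer_public, self._priv, self.p)


def negotiate(initiator_group, responder_group):
    """Run the KE exchange; returns (initiator_key, responder_key), or
    (None, None) when a peer rejects the other's public value."""
    init, resp = DHParty(initiator_group), DHParty(responder_group)
    try:
        return init.shared_secret(resp.public), resp.shared_secret(init.public)
    except ValueError:
        return None, None


def keygen_seconds(group, iterations=20):
    """Average cost of producing one public value: the size/speed trade-off."""
    start = time.perf_counter()
    for _ in range(iterations):
        DHParty(group)
    return (time.perf_counter() - start) / iterations


if __name__ == "__main__":
    for g in (2, 5):
        print(f"Group {g}: {MODP_GROUPS[g].bit_length()}-bit safe prime:",
              is_safe_prime(MODP_GROUPS[g]), f"keygen {keygen_seconds(g):.5f}s")
    k_i, k_r = negotiate(2, 2)
    print("same group, keys agree:", k_i == k_r)
    print("group 2 vs group 5 yields keys:", negotiate(2, 5))
```

The mismatch case fails at the range check rather than by producing two different keys: a 1536-bit Group 5 public value is almost certainly larger than the Group 2 modulus, which is exactly why a real IKE negotiation with mismatched groups is rejected at the proposal stage instead of silently deriving garbage.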
2. Phase II
http://www.level1.com
Chapter 12 VPN
Page 137
