D-Link NetDefendOS User Manual page 684

IPsec protocol used (ESP/AH/both) as well as the session keys used to encrypt/decrypt and/or
authenticate/verify the transmitted data.
An SA is unidirectional and relates to traffic flow in one direction only. For the bidirectional traffic
that is usually found in a VPN, there is therefore a need for more than one SA per connection. In
most cases, where only one of ESP or AH is used, two SAs will be created for each connection,
one describing the incoming traffic, and the other the outgoing. In cases where ESP and AH are
used in conjunction, four SAs will be created.
IKE Negotiation
The process of negotiating session parameters consists of a number of phases and modes. These
are described in detail in the sections below.
The flow of events can be summarized as follows:
IKE Phase-1
• Negotiate how IKE should be protected
IKE Phase-2
• Negotiate how IPsec should be protected
• Derive some fresh keying material from the key exchange in phase-1, to
provide session keys to be used in the encryption and authentication of
the VPN data flow
IKE and IPsec Lifetimes
Both the IKE and the IPsec connections have limited lifetimes, described both in terms of time
(seconds), and data (kilobytes). These lifetimes prevent a connection from being used too long,
which is desirable from a crypto-analysis perspective.
The IPsec lifetime must be shorter than the IKE lifetime. The difference between the two must be
a minimum of 5 minutes. This allows for the IPsec connection to be re-keyed simply by
performing another phase-2 negotiation. There is no need to do another phase-1 negotiation
until the IKE lifetime has expired.
IKE Algorithm Proposals
An IKE algorithm proposal list is a suggestion of how to protect IPsec data flows. The VPN device
initiating an IPsec connection will send a list of the algorithms combinations it supports for
protecting the connection and it is then up to the device at the other end of the connection to
say which proposal is acceptable.
The responding VPN device, upon receiving the list of supported algorithms, will choose the
algorithm combination that best matches its own security policies, and reply by specifying which
member of the list it has chosen. If no mutually acceptable proposal can be found, the responder
will reply by saying that nothing on the list was acceptable, and possibly also provide a textual
explanation for diagnostic purposes.
This negotiation to find a mutually acceptable algorithm combination is done not just to find the
best way to protect the IPsec connection but also to find the best way to protect the IKE
negotiation itself.
Algorithm proposal lists contain not just the acceptable algorithm combinations for encrypting
and authenticating data but also other IKE related parameters. Further details of the IKE
negotiation and the other IKE parameters are described next.
684
Chapter 9: VPN