Relationship Between Ike And Ipsec; Protocols And Standards; Ike Configuration Task List - HP 5120 SI Series Security Configuration Manual

Hide thumbs Also See for 5120 SI Series:
Table of Contents

Advertisement

Relationship between IKE and IPsec

Figure 120 Relationship between IKE and IPsec
Figure 125
illustrates the relationship between IKE and IPsec:
IKE is an application layer protocol using UDP and functions as the signaling protocol of IPsec.
IKE negotiates SAs for IPsec and delivers negotiated parameters and generated keys to IPsec.
IPsec uses the SAs set up through IKE negotiation for encryption and authentication of IP packets.

Protocols and standards

These protocols and standards are relevant to IKE:
RFC 2408, Internet Security Association and Key Management Protocol (ISAKMP)
RFC 2409, The Internet Key Exchange (IKE)
RFC 2412, The OAKLEY Key Determination Protocol

IKE configuration task list

Prior to IKE configuration, you must determine the following parameters:
The strength of the algorithms for IKE negotiation (the security protection level), including the
identity authentication method, encryption algorithm, authentication algorithm, and DH group.
Different algorithms provide different levels of protection. A stronger algorithm means more resistant
to decryption of protected data but requires more resources. Generally, the longer the key, the
stronger the algorithm.
The pre-shared key or the PKI domain the certificate belongs to. For more information about PKI
configuration, see the chapter "PKI configuration."
To configure IKE:
Task
Configuring a name for the local security gateway
Configuring an IKE proposal
Remarks
Optional.
Optional.
Required if you want to specify an IKE proposal for
an IKE peer to reference.
357

Advertisement

Table of Contents
loading

Table of Contents