Relationship between IKE and IPsec
Figure 103 Relationship between IKE and IPsec
Figure 103 illustrates the relationship between IKE and IPsec:
• IKE is an application layer protocol that runs over UDP and functions as the signaling protocol of IPsec.
• IKE negotiates SAs for IPsec and delivers the negotiated parameters and generated keys to IPsec.
• IPsec uses the SAs set up through IKE negotiation for encryption and authentication of IP packets.
Protocols and standards
• RFC 2408, Internet Security Association and Key Management Protocol (ISAKMP)
• RFC 2409, The Internet Key Exchange (IKE)
• RFC 2412, The OAKLEY Key Determination Protocol
FIPS compliance
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features,
commands, and parameters might differ in FIPS mode (see "Configuring FIPS") and non-FIPS mode.
IKE configuration task list
Determine the following parameters prior to IKE configuration:
• The strength of the algorithms for IKE negotiation (the security protection level), including the identity authentication method, encryption algorithm, authentication algorithm, and DH group. Different algorithms provide different levels of protection. A stronger algorithm means more resistance to decryption of protected data but requires more resources. Generally, the longer the key, the stronger the algorithm.
• The pre-shared key or the PKI domain the certificate belongs to. For more information about PKI configuration, see "Configuring PKI."
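The protection level of an IKE proposal is capped by its weakest component, so it helps to rank a candidate parameter set before typing it into the device. The following Python script is an added example, not part of this guide or the device software: it rates a proposal by the approximate security strength (in bits) of its encryption algorithm, authentication algorithm and DH group, and flags anything deprecated or below a policy floor. The bit estimates follow the usual NIST SP 800-57 comparisons, the group numbers follow RFC 3526 (MODP) and RFC 5903 (ECP), and the `MIN_BITS` and `MIN_PSK_CHARS` floors are assumptions chosen for this example; the `IkeProposal` and `assess` names are likewise this example's own.

```python
"""Added example: rate an IKE proposal by its weakest component.

Not part of the configuration guide; names and policy floors are assumptions.
"""
from dataclasses import dataclass, field
from typing import List, Optional

# Approximate security strength in bits per component (NIST SP 800-57 style
# estimates, adequate for ranking proposals, not exact figures).
ENCRYPTION_BITS = {"des": 56, "3des": 112, "aes-128": 128, "aes-192": 192, "aes-256": 256}
AUTH_ALG_BITS = {"md5": 64, "sha1": 80, "sha256": 128, "sha384": 192, "sha512": 256}
DH_GROUP_BITS = {
    1: 64,    # 768-bit MODP  (RFC 3526 numbering)
    2: 80,    # 1024-bit MODP
    5: 90,    # 1536-bit MODP
    14: 112,  # 2048-bit MODP
    15: 128,  # 3072-bit MODP
    16: 150,  # 4096-bit MODP
    19: 128,  # 256-bit ECP  (RFC 5903)
    20: 192,  # 384-bit ECP
    21: 256,  # 521-bit ECP
}
DEPRECATED = {"des", "3des", "md5", "sha1"}  # flagged even when above the floor
MIN_BITS = 112       # policy floor for this example (assumption)
MIN_PSK_CHARS = 16   # policy floor for pre-shared key length (assumption)


@dataclass
class IkeProposal:
    auth_method: str            # "pre-share" or "rsa-signature"
    encryption: str             # key in ENCRYPTION_BITS
    auth_algorithm: str         # key in AUTH_ALG_BITS
    dh_group: int               # key in DH_GROUP_BITS
    pre_shared_key: Optional[str] = None


@dataclass
class Assessment:
    strength_bits: int          # min over the three algorithm components
    findings: List[str] = field(default_factory=list)

    @property
    def acceptable(self) -> bool:
        return self.strength_bits >= MIN_BITS and not self.findings


def assess(p: IkeProposal) -> Assessment:
    """Return the proposal's overall strength and a list of policy findings."""
    findings: List[str] = []
    components: List[int] = []
    for label, table, value in (
        ("encryption", ENCRYPTION_BITS, p.encryption),
        ("authentication algorithm", AUTH_ALG_BITS, p.auth_algorithm),
        ("DH group", DH_GROUP_BITS, p.dh_group),
    ):
        bits = table.get(value)
        if bits is None:
            findings.append(f"unknown {label}: {value}")
            bits = 0
        components.append(bits)
        if bits < MIN_BITS:
            findings.append(f"{label} {value} gives ~{bits} bits, below the {MIN_BITS}-bit floor")
        if value in DEPRECATED:
            findings.append(f"{label} {value} is deprecated")

    # The identity authentication method does not raise the bit estimate, but a
    # short pre-shared key undermines everything else.
    if p.auth_method == "pre-share":
        if p.pre_shared_key is None or len(p.pre_shared_key) < MIN_PSK_CHARS:
            findings.append(f"pre-shared key shorter than {MIN_PSK_CHARS} characters")
    elif p.auth_method != "rsa-signature":
        findings.append(f"unknown authentication method: {p.auth_method}")

    return Assessment(strength_bits=min(components), findings=findings)


# Constructed sample proposals: a legacy set and two current ones.
LEGACY = IkeProposal("pre-share", "3des", "sha1", 2, pre_shared_key="secret")
CURRENT = IkeProposal("rsa-signature", "aes-256", "sha256", 14)
STRONG = IkeProposal("rsa-signature", "aes-256", "sha384", 20)

if __name__ == "__main__":
    for name, proposal in (("legacy", LEGACY), ("current", CURRENT), ("strong", STRONG)):
        result = assess(proposal)
        print(f"{name}: ~{result.strength_bits} bits, acceptable={result.acceptable}")
        for finding in result.findings:
            print(f"  - {finding}")
```

The `current` sample shows the point made above: AES-256 and SHA-256 are rated well above 112 bits, but the 2048-bit DH group holds the whole proposal at about 112 bits, so moving only the cipher to a longer key buys nothing until the group is raised as well.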
To configure IKE: