Chapter 30. Ipsec With Ipv6 - Lenovo RackSwitch G8264 Application Manual

Chapter 30. IPsec with IPv6

© Copyright Lenovo 2016
Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol
(IP) communications by authenticating and encrypting each IP packet of a
communication session. IPsec also includes protocols for establishing mutual
authentication between agents at the beginning of the session and negotiation of
cryptographic keys to be used during the session.
Since IPsec was implemented in conjunction with IPv6, all implementations of
IPv6 must contain IPsec. To support the National Institute of Standards and
Technology (NIST) recommendations for IPv6 implementations, Lenovo
Enterprise Network Operating System IPv6 feature compliance has been extended
to include the following IETF RFCs, with an emphasis on IP Security (IPsec),
Internet Key Exchange version 2, and authentication/confidentiality for OSPFv3:
 RFC 4301 for IPv6 security
 RFC 4302 for the IPv6 Authentication Header
 RFCs 2404, 2410, 2451, 3602, and 4303 for IPv6 Encapsulating Security Payload
(ESP), including NULL encryption, CBC‐mode 3DES and AES ciphers, and
HMAC‐SHA‐1‐96.
 RFCs 4306, 4307, 4718, and 4835 for IKEv2 and cryptography
 RFC 4552 for OSPFv3 IPv6 authentication
 RFC 5114 for Diffie‐Hellman groups
Note: This implementation of IPsec supports DH groups 1, 2, 5, 14, and 24.
The following topics are discussed in this chapter:
 "IPsec Protocols" on page
 "Using IPsec with the Lenovo RackSwitch G8264" on page 477
476
Chapter 30: IPsec with IPv6
475