Chapter 19: Ipsec Vpn; Ipsec Vpn - Avaya G430 Manual

Chapter 19: IPSec VPN

IPSec VPN

VPN (Virtual Private Network) defines a private secure connection between two nodes on a
public network such as the Internet. VPN at the IP level is deployed using IP Security (IPSec).
IPSec is a standards-based set of protocols defined by the IETF that provide privacy, integrity,
and authenticity to information transferred across IP networks.
The standard key exchange method employed by IPSec uses the Internet Key Exchange (IKE)
protocol to exchange key information between the two nodes (referred to as peers). Each peer
maintains Security Associations (SAs) to maintain the private secure connection. IKE operates
in two phases:
• The Phase-1 exchange negotiates an IKE SA
• The IKE SA created in Phase-1 secures the subsequent Phase-2 exchanges, which in
turn generate IPSec SAs
IPSec SAs secure the actual traffic between the protected networks behind the peers, while
the IKE SA only secures the key exchanges that generate the IPSec SAs between the
peers.
The Branch Gateway IPSec VPN feature is designed to support site-to-site topologies, in which
the two peers are gateways.
Note:
To configure IPSec VPN, you need at least a basic knowledge of IPSec. Refer to the
following guide for a suitable introduction:
http://www.tcpipguide.com/free/t_IPSecurityIPSecProtocols.htm
Administering Avaya G430 Branch Gateway October 2013 479