Gaoke BG9008W User Manual page 66

BG9008W User Manual
3.4.7.4 IPSEC
IPSEC (IP Security) is a set of services and protocols defined by IETF (Internet Engineering Task Force)
to provide high security for IP packets and prevent attacks. To ensure a secured communication, the two
IPSEC peers use IPSEC protocol to negotiate the data encryption algorithm and the security protocols
for checking the integrity of the transmission data, and exchange the key to data de-encryption. IPSEC
has two important security protocols, AH (Authentication Header) and ESP (Encapsulating Security
Payload). AH is used to guarantee the data integrity. If the packet has been tampered during
transmission, the receiver will drop this packet when validating the data integrity. ESP is used to check
the data integrity and encrypt the packets. Even if the encrypted packet is intercepted, the third party still
cannot get the actual information.
IKE: In the IPSEC VPN, to ensure a secure communication, the two peers should encapsulate and
de-encapsulate the packets using the information both known. Therefore the two peers need to
negotiate a security key for communication with IKE (Internet Key Exchange) protocols. Actually IKE is a
hybrid protocol based on three underlying security protocols, ISAKMP (Internet Security Association and
Key Management Protocol), Oakley Key Determination Protocol, and SKEME Security Key Exchange
Protocol. ISAKMP provides a framework for Key Exchange and SA (Security Association) negotiation.
Oakley describes a series of key exchange modes. SKEME describes another key exchange mode
different from those described by Oakley. IKE consists of two phases. Phase 1 is used to negotiate the
parameters, key exchange algorithm and encryption to establish an ISAKMP SA for securely exchanging
more information in Phase 2. During phase 2, the IKE peers use the ISAKMP SA established in Phase 1
to negotiate the parameters for security protocols in IPSEC and create IPSEC SA to secure the
transmission data.
3.4.7.4.1 IKE Safety Proposal
In this table, you can view the information of IKE Proposals.
Choose the menu Data Service→VPN→IPSec→IKE Safety Proposal to load the following page.
Figure 3-78 View IKE Safety Proposal Configuration
Click the Index in the entry you want to modify. If you want to delete the entry, select it and click the Del.
Click the Add button to add a new entry.
Page 55 of 133