Table of Contents
Advertisement
IKE and IPSec Policies Tabs
Previously, the way in which the Main tab is used to set the conditions that "trigger" the
SA was described (see page 24). The IKE and IPSec Policies tabs are used to
configure and complete the rest of the policy for the SA. Each SA requires a unique
IPSec form in respect of each peer which can be either a Client or another IPSec
Gateway.
Note: Client applications and other third Party IPSec implementations may refer to
Generally, it is not important to understand the requirements in the detail of these tabs
but it is however important that they are matched between two IPSec peers seeking to
establish an SA.
During Phase 1 of negotiations, IKE is used to establish a secure channel for
performing further IKE negotiations. In Phase 2, IKE is used to negotiate the SA
(Authentication Header or Encapsulation Security Payload). This method prevents a
third party from knowing the type of encryption that is to be used. The diagram shows
the elements and functions of these tabs and shows the first stage of the negotiations.
The following sections detail the configurable options for both the IKE and IPSec
Policies tabs.
IP Office (R3.0) Virtual Private Networking
40DHB0002UKER Issue 3 (4th February 2005)
Phase 1 and Phase 2 negotiations as Proposal 1 and Proposal 2. The IKE and
IPSec Policies tabs equate to Phase 1 and Phase 2 negotiations respectively.
Figure 10. IP Phase 1 and Phase 2 negotiations
Configuration - Page 27
Configuration - Page 27
IPSec Configuration
Advertisement
Chapters
Table of Contents
