Charles 3641-80 User Manual page 99
Issue 1.0, April 2006
payload they are carrying.
• IPSec: IPSec is a protocol suite defined by the IETF to secure communication at layer 3, the
network layer, between communicating peers.
• ESP: ESP (Encapsulating Security Payload) protocol [RFC2406] can provide confidentiality
with authenticity and integrity, or confidentiality only services.
• Data Encryption Standard (DES): The DES function can be used for both encryption and
decryption. DES is the most widely used shared key cryptographic algorithm and is both a U.S.
and an international standard.
• 3DES: An algorithm that uses DES and one, two, or three keys to encrypt/decrypt/encrypt
packets of information.
• Authentication Header (AH): The Authentication Header is a mechanism for providing strong
integrity and authentication for IP packets. Confidentiality and protection from traffic analysis are
not provided by the Authentication Header.
• IP Payload Compression Protocol (IPCOMP): IP payload compression is a protocol to reduce
the size of IP datagrams. IP payload compression is especially useful when encryption is applied
to IP datagrams.
• Phase 1 negotiation: IKE defines two modes when negotiating a phase 1 SA: main mode and
aggressive mode. There are three negotiating rounds in the IKE phase 1 main mode exchange. In
the first round, one ISAKMP entity (the initiator) sends multiple SA proposals to another entity
(the responder). The responder chooses one proposal and sends it back to the initiator. In the
second round, the two peers exchange their key exchange parameters and random use-once values
called nonces. In the third round, all the exchanged information is authenticated through one of
three authentication mechanisms: shared secret, digital signature, or public key encryption.
When the shared secret mechanism is employed, the two peers use a secret key derived from a shared
secret to create the keyed hash. The keyed hash is then exchanged between the two peers and serves
as the authenticator. With the second alternative, digital signature, the authentication between the
initiator and the responder is carried out using the digital signatures of the negotiating entities.
The two peers exchange digitally signed hashes of their identities, public key values, and SA
proposals. The third alternative is public key encryption. Here, the two peers exchange the public
key encrypted values of their IDs and nonces, as well as a keyed hash value.
• Phase 2 Negotiation: During phase 2, security associations are negotiated on behalf of services
such as IPSec or any other service that needs keying material or parameter negotiation. Because a
secure channel has already been established in phase 1, the negotiation can be performed more
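The three rounds of the main mode exchange described under Phase 1 negotiation, as an added Python simulation that is not part of this manual or of the router's firmware. It models shared-secret authentication only: round 1 picks an SA proposal, round 2 exchanges Diffie-Hellman values and nonces, and round 3 exchanges keyed hashes that each side recomputes with its own copy of the pre-shared secret. Assumptions: a constructed toy Diffie-Hellman group (a 127-bit Mersenne prime, nowhere near the size of the real RFC 2409 MODP groups), HMAC-SHA1 as the keyed hash, and a simplified HASH_I/HASH_R input that omits the ISAKMP cookies and full SA payload of RFC 2409.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed toy Diffie-Hellman group: a Mersenne prime, far too small for real use.
# Real IKE phase 1 uses the MODP groups defined in RFC 2409 (768-bit and 1024-bit).
TOY_P = (1 << 127) - 1
TOY_G = 2


def prf(key: bytes, data: bytes) -> bytes:
    """Keyed hash ("prf" in IKE terms); HMAC-SHA1 is one of the PRFs IKE can negotiate."""
    return hmac.new(key, data, hashlib.sha1).digest()


def int_to_bytes(value: int) -> bytes:
    return value.to_bytes(16, "big")  # any value below TOY_P fits in 16 bytes


@dataclass
class Peer:
    name: str                     # identity (ID payload) covered by the round 3 hash
    psk: bytes                    # pre-shared secret configured on this peer
    proposals: List[str]          # acceptable transforms, most preferred first
    x: int = field(default_factory=lambda: secrets.randbelow(TOY_P - 2) + 1)
    nonce: bytes = field(default_factory=lambda: secrets.token_bytes(16))
    chosen: Optional[str] = None
    skeyid: Optional[bytes] = None
    shared_secret: Optional[int] = None

    def public_value(self) -> int:
        return pow(TOY_G, self.x, TOY_P)


def round1_sa(initiator: Peer, responder: Peer) -> str:
    """Round 1: initiator offers its proposals; responder accepts the first one it supports."""
    for proposal in initiator.proposals:
        if proposal in responder.proposals:
            initiator.chosen = responder.chosen = proposal
            return proposal
    raise ValueError("no acceptable SA proposal")


def round2_ke(initiator: Peer, responder: Peer) -> Tuple[int, int]:
    """Round 2: exchange Diffie-Hellman values and nonces; derive SKEYID from the PSK."""
    g_xi, g_xr = initiator.public_value(), responder.public_value()
    ni, nr = initiator.nonce, responder.nonce
    initiator.shared_secret = pow(g_xr, initiator.x, TOY_P)
    responder.shared_secret = pow(g_xi, responder.x, TOY_P)
    # With shared-secret authentication, SKEYID = prf(PSK, Ni | Nr) (RFC 2409).
    initiator.skeyid = prf(initiator.psk, ni + nr)
    responder.skeyid = prf(responder.psk, ni + nr)
    return g_xi, g_xr


def auth_hash(peer: Peer, g_xi: int, g_xr: int, identity: str) -> bytes:
    """Simplified HASH_I / HASH_R: keyed hash over the DH values, chosen SA and an identity.
    The real RFC 2409 hash also covers the ISAKMP cookies and the full SA payload."""
    msg = int_to_bytes(g_xi) + int_to_bytes(g_xr) + peer.chosen.encode() + identity.encode()
    return prf(peer.skeyid, msg)


def round3_auth(initiator: Peer, responder: Peer, g_xi: int, g_xr: int) -> bool:
    """Round 3: each side sends its keyed hash; the other recomputes it with its own SKEYID.
    The hashes only agree if both peers derived SKEYID from the same pre-shared secret."""
    hash_i = auth_hash(initiator, g_xi, g_xr, initiator.name)
    hash_r = auth_hash(responder, g_xi, g_xr, responder.name)
    responder_accepts = hmac.compare_digest(hash_i, auth_hash(responder, g_xi, g_xr, initiator.name))
    initiator_accepts = hmac.compare_digest(hash_r, auth_hash(initiator, g_xi, g_xr, responder.name))
    return responder_accepts and initiator_accepts


def main_mode(initiator: Peer, responder: Peer) -> Tuple[str, bool, bool]:
    """Run the three rounds; return (chosen proposal, authenticated?, DH secrets agree?)."""
    chosen = round1_sa(initiator, responder)
    g_xi, g_xr = round2_ke(initiator, responder)
    authenticated = round3_auth(initiator, responder, g_xi, g_xr)
    return chosen, authenticated, initiator.shared_secret == responder.shared_secret


if __name__ == "__main__":
    good = main_mode(Peer("gw-a", b"correct secret", ["3DES-SHA1", "DES-MD5"]),
                     Peer("gw-b", b"correct secret", ["3DES-SHA1"]))
    bad = main_mode(Peer("gw-a", b"correct secret", ["3DES-SHA1"]),
                    Peer("gw-b", b"wrong secret", ["3DES-SHA1"]))
    print("matching PSK:  ", good)  # ('3DES-SHA1', True, True)
    print("mismatched PSK:", bad)   # ('3DES-SHA1', False, True)
```

The mismatched-PSK run is the instructive case: both peers still arrive at the same Diffie-Hellman secret, so the key exchange alone says nothing about who is on the other end; only the round 3 keyed hash, which depends on the shared secret through SKEYID, turns the exchange into an authenticated one. A gateway that logs a phase 1 failure at this round is therefore reporting a credential mismatch, not a key exchange fault.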
©2006 Charles Industries, Ltd.
All rights reserved. Printed in United States of America.
The availability of features and technical specifications herein subject to change without notice.
91
Section 364-180-N02