Zte ZXR10 ZSR V2 Series Product Description page 27


IPSec uses the following framework protocols:
Authentication Header (AH): Provides data origin authentication, data integrity
checking and packet anti-replay protection. AH does not encrypt the protected packet.
Encapsulating Security Payload (ESP): Provides both authentication and encryption.
Its authentication functions are almost the same as those of AH, except that the data
integrity check does not include the IP header. It also encrypts IP packets to improve
their security.
IPSec transmits IP packets in the following modes:
Tunnel mode: AH or ESP is inserted before the original IP header, and a new IP
header is generated and placed before the AH or ESP header. This mode is applied to
the connection between two security gateways (e.g., routers).
Transport mode: AH or ESP is inserted after the IP header but before the
transport-layer protocol. This mode is applied to the end-to-end connection between
hosts, and it uses the original IP header address for addressing.
ZXR10 ZSR V2 IPSec has the following features:
Establishes security associations (SAs) manually or through IKE dynamic negotiation (isakmp).
Supports IKEv1 key negotiation and exchange. IKE supports the following security
mechanisms:
Diffie-Hellman (DH) exchange and key distribution: The DH algorithm is a
public key algorithm. The communicating parties never send the key itself;
each calculates the same shared key from the data they exchange. The
precondition for encrypted data exchange is that both sides have a shared key.
Perfect Forward Secrecy (PFS): This security property means that a cracked
key does not affect the security of other keys, because the keys have no
derivation relationship. The IPSec key of the second phase is derived
from the key of the first phase. If the IKE key of the first phase is stolen,
the attacker may collect enough information to derive the IPSec SA key
of the second phase. PFS performs an additional DH exchange to
protect the key of the second phase.
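
The PFS property described above, as an added example that is not part of the ZTE document: it follows the IKEv1 Quick Mode key derivation from RFC 2409, section 5.5, and shows that the phase 2 key depends only on phase 1 material unless the extra DH exchange is mixed in. Assumptions: HMAC-SHA256 stands in for the negotiated prf, the DH group is a toy 127-bit group, and all keys, nonces and SPIs are constructed sample values.

```python
import hashlib
import hmac
import secrets

# Toy DH group for illustration only (constructed; far too small for real use).
P = 2**127 - 1  # a Mersenne prime
G = 3

def prf(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 stands in for the negotiated IKEv1 prf (assumption)."""
    return hmac.new(key, data, hashlib.sha256).digest()

def dh_keypair():
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)

def dh_shared(priv: int, peer_pub: int) -> bytes:
    return pow(peer_pub, priv, P).to_bytes(16, "big")

def keymat(skeyid_d, protocol, spi, ni, nr, g_qm_xy=b""):
    """KEYMAT = prf(SKEYID_d, [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b)."""
    return prf(skeyid_d, g_qm_xy + protocol + spi + ni + nr)

def demo():
    # Phase 1 output (SKEYID_d) and phase 2 Quick Mode values, all constructed.
    skeyid_d = secrets.token_bytes(32)
    protocol, spi = b"\x03", secrets.token_bytes(4)  # 3 = ESP in the IPsec DOI
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)

    # Additional DH exchange carried in Quick Mode when PFS is enabled.
    xi, pub_i = dh_keypair()
    xr, pub_r = dh_keypair()
    shared = dh_shared(xi, pub_r)
    assert shared == dh_shared(xr, pub_i)  # both peers reach the same secret

    no_pfs = keymat(skeyid_d, protocol, spi, ni, nr)
    with_pfs = keymat(skeyid_d, protocol, spi, ni, nr, shared)

    # A holder of the stolen phase 1 key knows SKEYID_d, the protocol, SPI,
    # nonces and public DH values, but not the private values xi or xr.
    recomputed = keymat(skeyid_d, protocol, spi, ni, nr)
    return {"no_pfs_recoverable": recomputed == no_pfs,
            "pfs_recoverable": recomputed == with_pfs}

if __name__ == "__main__":
    print(demo())
```
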