Operations of IPSec VPN
Step 1: Negotiate the IKE Phase 1 Tunnel (ISAKMP Tunnel).
Step 2: DH Key Exchange.
Step 3: Peer Authentication.
Step 4: Negotiate the IKE Phase 2 Tunnel (IPSec Tunnel).
Step 1: Negotiate the IKE Phase 1 Tunnel (ISAKMP Tunnel).
The peers first negotiate over the public (shared) network using IKE Phase 1.
Also known as the ISAKMP tunnel.
It protects only the management traffic related to the IPSec VPN (no user data is transferred over this tunnel).
2 Modes –
•Main Mode – Uses 6 messages; more secure and the default mode.
•Aggressive Mode – Uses 3 messages; less secure, because the peer identities and the authentication hash are sent before encryption is established.
Negotiates 5 parameters –
“ H A G L E ”
•Hashing Algorithm - Integrity - MD5, SHA
•Authentication - Verification of Peer - Pre-Shared Key (PSK), RSA Signature
•DH Group - Secret Key Exchange - DH1, 2, 5, 14, etc.
•Lifetime - Duration of Tunnel – Default 1 Day = 86400 Seconds
•Encryption - Confidentiality - DES, 3DES, AES (key size)
Step 2: DH Key Exchange.
After the IKE Phase 1 negotiation, Diffie-Hellman (DH) public values are exchanged between the peers.
This allows the peers to establish a shared secret over the public network, from which the keys used by the encryption algorithm (DES, 3DES) are derived.
The DH group used is defined in the IKE Phase 1 configuration.
Step 3: Peer Authentication.
Now the peers authenticate each other.
The verification, i.e. authentication, is done using either
•Pre-Shared Key (PSK)
•RSA Digital Signature.
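Steps 2 and 3 as an added Python example (not code from the original post): two peers run a DH group 2 exchange using the RFC 2409 1024-bit MODP prime with generator 2, then authenticate with a PSK following the RFC 2409 SKEYID / HASH_I structure. It is a simplified model: the prf is fixed to HMAC-SHA1, the ISAKMP cookies and SA payload are omitted from the hash, and the identity string is a placeholder.

```python
import hashlib
import hmac
import secrets

# RFC 2409 "Second Oakley Group" (DH group 2): 1024-bit MODP prime, generator 2.
DH_GROUP2_P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
DH_GROUP2_G = 2
P_BYTES = (DH_GROUP2_P.bit_length() + 7) // 8

def dh_keypair(p=DH_GROUP2_P, g=DH_GROUP2_G):
    """Step 2: each peer picks a random private exponent x and sends g^x mod p."""
    x = secrets.randbelow(p - 2) + 1
    return x, pow(g, x, p)

def dh_shared_secret(their_public, my_private, p=DH_GROUP2_P):
    """Both peers compute g^xy mod p locally; the value itself never crosses the network."""
    if not 1 < their_public < p - 1:   # reject degenerate public values (0, 1, p-1)
        raise ValueError("invalid DH public value")
    return pow(their_public, my_private, p).to_bytes(P_BYTES, "big")

def skeyid_psk(psk: bytes, ni: bytes, nr: bytes) -> bytes:
    """RFC 2409 PSK authentication: SKEYID = prf(pre-shared-key, Ni | Nr), prf = HMAC-SHA1."""
    return hmac.new(psk, ni + nr, hashlib.sha1).digest()

def auth_hash(skeyid: bytes, gxi: bytes, gxr: bytes, identity: bytes) -> bytes:
    """Step 3 (simplified HASH_I): binds both DH public values and the peer identity to
    SKEYID. The real HASH_I also covers the ISAKMP cookies and SA payload (omitted here)."""
    return hmac.new(skeyid, gxi + gxr + identity, hashlib.sha1).digest()

def phase1_psk(psk_initiator: bytes, psk_responder: bytes) -> bool:
    """Runs Steps 2 and 3 between two peers. Returns True only when both derive the
    same DH secret and the responder, using its own PSK, accepts the initiator's hash."""
    xi, gxi = dh_keypair()
    xr, gxr = dh_keypair()
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)   # Phase 1 nonces
    if dh_shared_secret(gxr, xi) != dh_shared_secret(gxi, xr):
        return False
    gxi_b, gxr_b = gxi.to_bytes(P_BYTES, "big"), gxr.to_bytes(P_BYTES, "big")
    sent = auth_hash(skeyid_psk(psk_initiator, ni, nr), gxi_b, gxr_b, b"initiator-id")
    expected = auth_hash(skeyid_psk(psk_responder, ni, nr), gxi_b, gxr_b, b"initiator-id")
    return hmac.compare_digest(sent, expected)
```

A peer configured with a different PSK derives a different SKEYID, so its hash is rejected and Phase 1 never completes; this is the failure you see as a Phase 1 authentication error when PSKs are mismatched.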
Step 4: Negotiate the IKE Phase 2 Tunnel (IPSec Tunnel).
IKE Phase 2 is only formed once IKE Phase 1 has been formed successfully.
This is also known as the IPSec tunnel.
This negotiation is not done over the public network; it is done inside the already established, secure IKE Phase 1 tunnel. Hence it is a completely private tunnel.
Here the users' traffic is protected.
Once the IKE Phase 2 tunnel is formed, user traffic travels through it.
ALWAYS REMEMBER
In the IKE Phase 1 configuration – we define the Policy.
In the IKE Phase 2 configuration – we define the Transform Set (Encryption – Hashing).
Thanks for Reading
amartechstuff