
IP Sec

Short for IP Security, a set of protocols developed by the Internet Engineering Task Force (IETF) to support the secure exchange of packets at the IP layer. IPsec has been deployed widely to implement Virtual Private Networks (VPNs).

IPsec supports two encryption modes: Transport and Tunnel. Transport mode encrypts only the data portion (payload) of each packet, but leaves the header untouched. The more secure Tunnel mode encrypts both the header and the payload.

For IPsec to work, the sending and receiving devices must share a public key. This is accomplished through a protocol known as Internet Security Association and Key Management Protocol/Oakley (ISAKMP/Oakley), which allows the receiver to obtain a public key and authenticate the sender using digital certificates.

An IPSec VPN connection generally involves two phases.

  • Phase I
  • Phase II

In phase 1 of this process, IKE creates an authenticated, secure channel between the two IKE peers, called the IKE security association. The Diffie-Hellman key agreement is always performed in this phase.

In phase 2, IKE negotiates the IPSec security associations and generates the required key material for IPSec. The sender offers one or more transform sets that are used to specify an allowed combination of transforms with their respective settings. The sender also indicates the data flow to which the transform set is to be applied. The sender must offer at least one transform set. The receiver then sends back a single transform set, which indicates the mutually agreed-upon transforms and algorithms for this particular IPSec session. A new Diffie-Hellman agreement may be done in phase 2, or the keys may be derived from the phase 1 shared secret.
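The phase 2 exchange described above can be modelled from the receiver's side. The following is an added example, not code from this page or from any IKE implementation: it checks the offered data flow, walks the sender's transform sets and returns the single set that is sent back. The class and function names, the sample networks and algorithm labels, and the "first acceptable match wins" rule are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class TransformSet:
    protocol: str               # "ESP" or "AH"
    encryption: Optional[str]   # None when the protocol does not encrypt (AH)
    integrity: str
    mode: str                   # "tunnel" or "transport"
    pfs_group: Optional[int]    # DH group for a new phase 2 exchange, or None

@dataclass(frozen=True)
class Offer:
    data_flow: Tuple[str, str]                # (source net, destination net), sender's view
    transform_sets: Tuple[TransformSet, ...]  # in the sender's order of preference

class NoProposalChosen(Exception):
    """Nothing in the offer is acceptable to the receiver's policy."""

def select_transform_set(offer, accepted_sets, local_flows):
    """Receiver side: return the single transform set sent back to the sender."""
    if not offer.transform_sets:
        raise ValueError("the sender must offer at least one transform set")
    # The receiver sees the same flow with source and destination swapped.
    mirrored = (offer.data_flow[1], offer.data_flow[0])
    if mirrored not in local_flows:
        raise NoProposalChosen(f"data flow {offer.data_flow} is not protected here")
    for candidate in offer.transform_sets:    # assumption: first acceptable match wins
        if candidate in accepted_sets:
            return candidate
    raise NoProposalChosen("no offered transform set matches local policy")

def key_source(chosen):
    """Where the phase 2 key material comes from for the agreed set."""
    if chosen.pfs_group is None:
        return "derived from the phase 1 shared secret"
    return f"new Diffie-Hellman agreement, group {chosen.pfs_group}"

# Constructed sample data: networks and algorithm labels are illustrative only.
LEGACY = TransformSet("ESP", "DES", "HMAC-MD5", "tunnel", None)
STRONG = TransformSet("ESP", "AES-256", "HMAC-SHA-256", "tunnel", 14)
NO_PFS = TransformSet("ESP", "AES-256", "HMAC-SHA-256", "tunnel", None)

SENDER_OFFER = Offer(("10.1.0.0/16", "10.2.0.0/16"), (LEGACY, STRONG, NO_PFS))
RECEIVER_SETS = {STRONG, NO_PFS}              # the weak LEGACY set is deliberately absent
RECEIVER_FLOWS = {("10.2.0.0/16", "10.1.0.0/16")}

if __name__ == "__main__":
    agreed = select_transform_set(SENDER_OFFER, RECEIVER_SETS, RECEIVER_FLOWS)
    print(agreed, "->", key_source(agreed))
```

Because the receiver only answers with a set that is in its own policy, leaving weak transforms out of that policy is what stops a sender's weaker first offer from being agreed.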

 



Designed by TechieBird