Internet Key Exchange |
|
---|
IKE Version 1 |
|
Phase 1 | - Main Mode (site-to-site):
  1. Propose: encryption and authentication algorithms
  2. Initiator and responder: Diffie-Hellman key exchange process (send public key + random number)
     - Pre-shared key
     - Private keys (exchange using PKI)
  3. Use the encrypted communication channel
  4. Send IKE identification to authenticate itself
- Initiator proposes: encryption and authentication algorithms + IKE identity to authenticate itself
- Responder proposes
- Secure channel for negotiating the IPsec VPN phase 2
|
Phase 2 |
|
IKE Version 2 | |
| IKE_SA_INIT, IKE_AUTH, CREATE_CHILD_SA, INFORMATIONAL
|
Tunnel Mode ( most used ) | - encapsulation of the layer 3 / original packet
- With ESP(+AH) or just AH
|
Transport Mode | encapsulation of layer 4 of the original packet
|
PKI or Public Key Infrastructure |
|
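The difference between the Tunnel Mode and Transport Mode rows above, shown as packet layout in an added Python example (not part of the original page). It covers ESP only and builds the cleartext layout before encryption and integrity protection are applied; the addresses, ports and SPI are constructed sample values, and the function names are hypothetical.

```python
import socket
import struct

ESP, IPIP = 50, 4  # IANA protocol numbers: ESP, IPv4-in-IPv4

def ipv4(src: bytes, dst: bytes, proto: int, payload: bytes) -> bytes:
    """20-byte IPv4 header + payload (header checksum left at 0 in this sketch)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0, src, dst) + payload

def esp(spi: int, seq: int, inner: bytes, next_header: int) -> bytes:
    """Cleartext ESP layout (RFC 4303): SPI, sequence, payload, padding, pad length, next header."""
    pad_len = -(len(inner) + 2) % 4            # trailer must end on a 4-byte boundary
    padding = bytes(range(1, pad_len + 1))     # default padding bytes 1, 2, 3, ...
    return struct.pack("!II", spi, seq) + inner + padding + bytes([pad_len, next_header])

def transport_mode(pkt: bytes, spi: int, seq: int) -> bytes:
    """Original IP addresses stay; ESP wraps only the layer 4 segment."""
    ihl = (pkt[0] & 0x0F) * 4
    return ipv4(pkt[12:16], pkt[16:20], ESP, esp(spi, seq, pkt[ihl:], pkt[9]))

def tunnel_mode(pkt: bytes, spi: int, seq: int, gw_src: bytes, gw_dst: bytes) -> bytes:
    """New outer header between gateways; ESP wraps the whole original packet."""
    return ipv4(gw_src, gw_dst, ESP, esp(spi, seq, pkt, IPIP))

def summary(pkt: bytes) -> dict:
    """Fields for comparison; in real ESP the next-header byte sits in the encrypted part."""
    return {"src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20]),
            "proto": pkt[9], "esp_next_header": pkt[-1], "total_len": len(pkt)}

# Constructed sample: UDP datagram from host 10.1.0.5 to host 10.2.0.9.
UDP_SEGMENT = struct.pack("!HHHH", 40000, 53, 8 + 5, 0) + b"hello"
ORIGINAL = ipv4(socket.inet_aton("10.1.0.5"), socket.inet_aton("10.2.0.9"), 17, UDP_SEGMENT)
# Constructed gateway addresses (documentation ranges).
GW_A, GW_B = socket.inet_aton("198.51.100.1"), socket.inet_aton("203.0.113.1")

if __name__ == "__main__":
    print("transport:", summary(transport_mode(ORIGINAL, 0x1001, 1)))
    print("tunnel:   ", summary(tunnel_mode(ORIGINAL, 0x1001, 1, GW_A, GW_B)))
```

In transport mode the host addresses remain visible on the wire, while in tunnel mode only the gateway addresses are visible and the packet grows by one extra IP header.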