IPSec VPN & IPSec Protocols
www.netprotocolxpert.in
IPSec VPN

IPSec VPN provides secure IP communication over an insecure network. IPSec VPN has the following features:
1. Confidentiality
2. Integrity
3. Data Origin Authentication
4. Anti-Replay
Confidentiality

Confidentiality means the data is kept secret using an encryption algorithm.

Encryption Algorithm

An encryption algorithm is a mathematical algorithm that applies a key to data to make the data unreadable to everyone except those who hold the key needed to decrypt it. Encryption algorithms are classified into two types:
1. Symmetric Encryption
2. Asymmetric Encryption
Symmetric Encryption

Symmetric encryption algorithms are also called secret key cryptography. As the name implies, a single secret key is used both to encrypt and to decrypt the data. Common symmetric encryption algorithms are:
1. DES (Data Encryption Standard)
◦ It has a 56-bit key and can be broken in less than 24 hours using modern computers.
◦ It is not used anymore.
2. 3DES (Triple Data Encryption Standard)
◦ Three different 56-bit keys (DES encrypt, DES decrypt, DES encrypt) are used to create the ciphertext.
◦ It has not yet been broken but has theoretical flaws.
3. AES (Advanced Encryption Standard)
◦ Keys of 128 to 256 bits are used for encryption.
◦ It is the widely used symmetric encryption standard nowadays.
Asymmetric Encryption

An asymmetric encryption algorithm uses two keys for encryption and decryption, referred to as the public key and the private key. Whatever is encrypted with the public key can be decrypted only with the private key, and vice versa. Common asymmetric algorithms are digital certificates and RSA signatures.
Integrity

In IPSec VPN, integrity ensures that your data is not altered during transmission. Before the data is transmitted from the source, a mathematical hash value is calculated using an algorithm such as MD5 or SHA. After the data is received at the destination, the hash value is calculated again; if even one bit was modified in transit, the hash values will not match. A mismatch in the hash value means the packet was altered during transmission, so it is discarded.
Data Origin Authentication

Both devices authenticate each other before actual data transmission, using either a Pre-Shared Key or a certificate (Public Key Infrastructure). This ensures that you are transmitting to and receiving data from the authentic party.
1. Pre-Shared Key – In this method, a single secret key is configured on both peers. The key is shared before its use, hence the name Pre-Shared.
2. Public Key Infrastructure – PKI provides a framework for managing the security attributes between peers engaged in secure communication over an insecure network. PKI consists of a number of elements and network entities.
PKI consists of a number of elements and network entities

• Digital certificate — contains the information needed to uniquely identify a peer: a signed copy of the public encryption key used for secure communications, the certificate validity period, and the signature of the CA that issued the certificate. X.509v3 is the currently used version of the digital certificate.
• Distribution mechanism — a means to distribute certificate revocation lists (CRLs) across the network; common examples are LDAP and HTTP.
• Peers — the devices or people who securely communicate across an insecure network, also known as end hosts.
• Certification authority (CA) — grants and maintains digital certificates. It can be a public CA such as VeriSign or Entrust, or an organization can run its own private CA on Cisco IOS, Microsoft or Linux server operating systems.
PKI Message Process

• The host generates its RSA keys (used for its signature) and requests the public key of the CA.
• The CA sends its public key.
• The host generates a certificate request and sends it to the CA.
• The CA signs the certificate request with its private key and sends the certificate to the host.
• The host saves it.
• The certificate is then used for secure communication.
Anti-Replay

Anti-replay means a transmission has a time or volume validity. If data arrives late, it is treated as altered and dropped. The anti-replay limit can be defined in kilobytes or seconds.
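The slides describe anti-replay as a time or volume limit; on the wire, the per-packet check in ESP and AH is a 32-bit sequence number carried in every packet and compared against a receiver-side sliding window (RFC 4303 §3.4.3). The following is an added example, not from the deck: a per-SA window keyed by SPI, run over constructed sample packets; the SPI values, window size and integrity-check outcomes are assumptions made for the demo.

```python
from dataclasses import dataclass


@dataclass
class Packet:
    spi: int              # Security Parameter Index: selects the inbound SA
    seq: int              # ESP/AH sequence number, starts at 1 for each SA
    icv_ok: bool = True   # outcome of the integrity check (constructed here)


class ReplayWindow:
    """Sliding bitmap window for one SA (RFC 4303 §3.4.3 style)."""

    def __init__(self, size: int = 64):
        if size < 32:
            raise ValueError("RFC 4303 requires a window of at least 32 packets")
        self.size = size
        self.top = 0          # highest sequence number accepted so far
        self.bitmap = 0       # bit k set => sequence number (top - k) already seen

    def check(self, seq: int) -> bool:
        """True if seq is new and inside the window; does not modify state."""
        if seq == 0:
            return False                              # 0 is never a valid ESP sequence number
        if seq > self.top:
            return True                               # newer than anything seen so far
        offset = self.top - seq
        if offset >= self.size:
            return False                              # older than the window: drop
        return not (self.bitmap & (1 << offset))      # bit set means replay

    def update(self, seq: int) -> None:
        """Record seq; call only after the packet's ICV has been verified."""
        if seq > self.top:
            shift = seq - self.top
            if shift >= self.size:
                self.bitmap = 1                       # window jumped past all old state
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)


def process(packets, window_size: int = 64):
    """Run inbound packets through per-SPI windows; return (spi, seq, verdict)."""
    windows = {}
    verdicts = []
    for p in packets:
        w = windows.setdefault(p.spi, ReplayWindow(window_size))
        if not w.check(p.seq):
            verdicts.append((p.spi, p.seq, "drop: replay or outside window"))
        elif not p.icv_ok:
            # Integrity failed: drop WITHOUT touching the window, so a forged
            # packet carrying a high sequence number cannot slide the window
            # forward and get legitimate packets dropped as "too old".
            verdicts.append((p.spi, p.seq, "drop: integrity check failed"))
        else:
            w.update(p.seq)
            verdicts.append((p.spi, p.seq, "accept"))
    return verdicts


# Constructed sample traffic: one SA (SPI 0x1000) with reordering, a duplicate,
# a jump, an old packet, a forged packet, plus one packet on a second SA.
SAMPLE = [Packet(0x1000, s) for s in (1, 2, 3, 5, 4, 3, 100, 40, 36, 100)] + [
    Packet(0x1000, 101, icv_ok=False),   # forged: fresh sequence number, bad ICV
    Packet(0x1000, 101),                 # the genuine packet 101 still gets through
    Packet(0x1001, 1),                   # different SA: its own window, seq 1 is fine
]

if __name__ == "__main__":
    for spi, seq, verdict in process(SAMPLE):
        print(f"SPI 0x{spi:04x} seq {seq:>4}: {verdict}")
```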
IPSec Protocols

IPSec uses the following protocols:
• Internet Key Exchange (IKE)
• Encapsulating Security Payload (ESP)
• Authentication Header (AH)
Internet Key Exchange

IKE is the protocol used to set up security associations between IPSec peers. It provides a framework to exchange security parameters and policies between them. These security policies must be manually defined on the peers. IKE has the following modes:
1. Main Mode
2. Aggressive Mode
3. Quick Mode
1. Main Mode

In main mode, 6 messages are exchanged in three steps, as follows:
Step 1 – Proposal Exchange
• Message 1 – The initiator sends its own proposal to the responder.
• Message 2 – The responder sends its own proposal to the initiator.
Step 2 – Key Exchange
• Message 3 – The initiator sends its own key to the responder.
• Message 4 – The responder sends its own key to the initiator.
Step 3 – Session Authentication
• Message 5 – The initiator authenticates the session.
• Message 6 – The responder authenticates the session.
Refer to the figure below for a better understanding.
2. Aggressive Mode

In aggressive mode, the 6 messages are condensed into three. The messages sent are as follows:
1. The initiator sends its own proposal and key to the responder.
2. The responder authenticates the initiator's proposal. It also sends its own proposal and key to the initiator.
3. The initiator authenticates the session.
Refer to the figure below for a better understanding.
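The following added example (not from the deck) models both the main-mode and the aggressive-mode exchanges above with pre-shared-key authentication: proposal selection, Diffie-Hellman values, nonces and the HASH_I/HASH_R values of RFC 2409 are computed with stdlib HMAC, and the DH group, peer identities and transform names are constructed placeholders. It also shows why "Session Authentication" is a separate step from "Key Exchange": with a mismatched PSK the two peers still derive the same DH secret, but neither hash verifies.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Constructed toy Diffie-Hellman group: a known Mersenne prime, far too small
# for real use. IKE negotiates a MODP group (RFC 2409 / RFC 3526) instead;
# the modular arithmetic is identical.
P = 2**127 - 1
G = 2


def prf(key: bytes, *parts: bytes) -> bytes:
    """Keyed PRF. IKEv1 uses HMAC with the negotiated hash; SHA-256 here."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


def i2b(n: int) -> bytes:
    return n.to_bytes((n.bit_length() + 7) // 8, "big")


@dataclass
class Peer:
    ident: bytes               # IDii / IDir payload (assumed: the peer's address)
    psk: bytes                 # pre-shared key configured on this peer
    proposals: list            # SA payload: transform sets this peer accepts
    cookie: bytes = field(default_factory=lambda: secrets.token_bytes(8))
    nonce: bytes = field(default_factory=lambda: secrets.token_bytes(16))
    x: int = field(default_factory=lambda: secrets.randbelow(P - 3) + 2)

    def gx(self) -> int:
        return pow(G, self.x, P)


@dataclass
class Result:
    messages: list             # (sender, payloads, encrypted under SKEYID_e?)
    proposal: Optional[bytes]  # transform set the responder selected
    dh_agrees: bool            # both sides computed the same g^xy
    authenticated: bool        # both HASH_I and HASH_R verified


def select_proposal(offered: list, supported: list) -> Optional[bytes]:
    """Responder picks the first offered transform set it also supports."""
    return next((p for p in offered if p in supported), None)


def auth_hash(skeyid: bytes, gx_self: int, gx_peer: int, cky_self: bytes,
              cky_peer: bytes, sa_i: bytes, ident: bytes) -> bytes:
    # RFC 2409 §5: HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b);
    # HASH_R is the same with the roles swapped. SAi_b is always the initiator's
    # SA payload, so a proposal altered in transit breaks both hashes.
    return prf(skeyid, i2b(gx_self), i2b(gx_peer), cky_self, cky_peer, sa_i, ident)


def phase1(init: Peer, resp: Peer, aggressive: bool = False) -> Result:
    """Run Phase 1 in main or aggressive mode; report what each side verified."""
    sa_i = b"|".join(init.proposals)          # body of the initiator's SA payload
    chosen = select_proposal(init.proposals, resp.proposals)
    if aggressive:
        msgs = [("I", "SA, KE, Ni, IDii", False)]
    else:
        msgs = [("I", "SA", False), ("R", "SA", False)]             # step 1: proposals
    if chosen is None:                        # no common transform set: stop here
        return Result(msgs, None, False, False)
    gxi, gxr = init.gx(), resp.gx()
    # RFC 2409 §5.4, pre-shared key auth: SKEYID = prf(PSK, Ni_b | Nr_b).
    # Each side uses the PSK *it* has configured, so mismatched keys give
    # different SKEYIDs and the peer's hash will not verify.
    sk_i = prf(init.psk, init.nonce, resp.nonce)
    sk_r = prf(resp.psk, init.nonce, resp.nonce)
    hash_i = auth_hash(sk_i, gxi, gxr, init.cookie, resp.cookie, sa_i, init.ident)
    hash_r = auth_hash(sk_r, gxr, gxi, resp.cookie, init.cookie, sa_i, resp.ident)
    if aggressive:
        msgs += [("R", "SA, KE, Nr, IDir, HASH_R", False),          # hash in the clear
                 ("I", "HASH_I", False)]
    else:
        msgs += [("I", "KE, Ni", False), ("R", "KE, Nr", False),    # step 2: DH + nonces
                 ("I", "IDii, HASH_I", True),                       # step 3: identities and
                 ("R", "IDir, HASH_R", True)]                       # hashes under SKEYID_e
    # Each side recomputes the peer's hash with its own SKEYID and compares.
    ok_i = hmac.compare_digest(
        hash_i, auth_hash(sk_r, gxi, gxr, init.cookie, resp.cookie, sa_i, init.ident))
    ok_r = hmac.compare_digest(
        hash_r, auth_hash(sk_i, gxr, gxi, resp.cookie, init.cookie, sa_i, resp.ident))
    dh_agrees = pow(gxr, init.x, P) == pow(gxi, resp.x, P)
    return Result(msgs, chosen, dh_agrees, ok_i and ok_r)


if __name__ == "__main__":
    psk = b"constructed-demo-psk"
    a = Peer(b"10.0.0.1", psk, [b"AES-256/SHA-256", b"AES-128/SHA-1"])
    b = Peer(b"10.0.0.2", psk, [b"AES-128/SHA-1"])
    for mode in (False, True):
        r = phase1(a, b, aggressive=mode)
        print("aggressive" if mode else "main", r.proposal, r.dh_agrees, r.authenticated)
        for sender, payloads, enc in r.messages:
            print(f"  {sender}: {payloads}{'  [encrypted]' if enc else ''}")
```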
3. Quick Mode

In quick mode, the peers recheck their attributes using the SPI (Security Parameter Index). The SPI is sent with every packet by the peers.
IKE Phases

IKE has the following phases:
1. Phase 1
2. Phase 1.5 (optional)
3. Phase 2
IKE Phase 1

In Phase 1 the peers create a single bidirectional IKE tunnel. A single key is used to authenticate the session. The mode used depends on the IPSec VPN type; Table 1-3 below can be used for reference.

IPSec VPN Type    Mode Used
Site-Site VPN     Main Mode
Remote Access     Aggressive Mode
DMVPN             Main Mode
GETVPN            Main Mode
IKE Phase 1.5

Phase 1.5 is an optional IKE phase. It provides an additional layer of authentication called Xauth (Extended Authentication). Xauth forces the user to authenticate before use of the IPSec connection.
IKE Phase 2

When Phase 1 completes successfully, Phase 2 is initiated; if Phase 1 is not complete, Phase 2 never starts. In Phase 2 the peers create multiple unidirectional IPSec tunnels: two tunnels are created per protocol, ESP (Encapsulating Security Payload) or AH (Authentication Header).
Internet Security Association and Key Management Protocol (ISAKMP)

IKE is a management protocol that uses ISAKMP for key and attribute exchange. ISAKMP uses UDP port 500.

There are differences between the two IKE versions, as shown in the table below:

IKE Version 1                                  IKE Version 2
6 messages                                     4-6 messages
Uses ISAKMP                                    Uses ISAKMP
NAT-T support                                  NAT-T support
Fire and forget                                Checks peer existence via cookies
No VoIP support                                VoIP support
No cryptographic mechanism for key exchange    Uses Suite B cryptography

Más contenido relacionado

La actualidad más candente

Vpn site to site
Vpn site to siteVpn site to site
Vpn site to siteIT Tech
 
IPSec (Internet Protocol Security) - PART 1
IPSec (Internet Protocol Security) - PART 1IPSec (Internet Protocol Security) - PART 1
IPSec (Internet Protocol Security) - PART 1Shobhit Sharma
 
VPN, Its Types,VPN Protocols,Configuration and Benefits
VPN, Its Types,VPN Protocols,Configuration and BenefitsVPN, Its Types,VPN Protocols,Configuration and Benefits
VPN, Its Types,VPN Protocols,Configuration and Benefitsqaisar17
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
Networking in Telecommunication (signalling, tcp, ucp, ss7, sctp, sigtran)
Networking in Telecommunication (signalling, tcp, ucp, ss7, sctp, sigtran)Networking in Telecommunication (signalling, tcp, ucp, ss7, sctp, sigtran)
Networking in Telecommunication (signalling, tcp, ucp, ss7, sctp, sigtran)GLC Networks
 
10 palo alto nat policy concepts
10 palo alto nat policy concepts10 palo alto nat policy concepts
10 palo alto nat policy conceptsMostafa El Lathy
 
Vpn(virtual private network)
Vpn(virtual private network)Vpn(virtual private network)
Vpn(virtual private network)sonangrai
 
Access Control List (ACL)
Access Control List (ACL)Access Control List (ACL)
Access Control List (ACL)ISMT College
 
Network Security- port security.pptx
Network Security- port security.pptxNetwork Security- port security.pptx
Network Security- port security.pptxSulSya
 

La actualidad más candente (20)

Cisco ASA Firewalls
Cisco ASA FirewallsCisco ASA Firewalls
Cisco ASA Firewalls
 
Vpn site to site
Vpn site to siteVpn site to site
Vpn site to site
 
IPSec (Internet Protocol Security) - PART 1
IPSec (Internet Protocol Security) - PART 1IPSec (Internet Protocol Security) - PART 1
IPSec (Internet Protocol Security) - PART 1
 
Ip Sec
Ip SecIp Sec
Ip Sec
 
Ipsec
IpsecIpsec
Ipsec
 
VPLS Fundamental
VPLS FundamentalVPLS Fundamental
VPLS Fundamental
 
Pgp
PgpPgp
Pgp
 
VPN, Its Types,VPN Protocols,Configuration and Benefits
VPN, Its Types,VPN Protocols,Configuration and BenefitsVPN, Its Types,VPN Protocols,Configuration and Benefits
VPN, Its Types,VPN Protocols,Configuration and Benefits
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
 
Networking in Telecommunication (signalling, tcp, ucp, ss7, sctp, sigtran)
Networking in Telecommunication (signalling, tcp, ucp, ss7, sctp, sigtran)Networking in Telecommunication (signalling, tcp, ucp, ss7, sctp, sigtran)
Networking in Telecommunication (signalling, tcp, ucp, ss7, sctp, sigtran)
 
Ip security
Ip security Ip security
Ip security
 
WLAN:VPN Security
WLAN:VPN SecurityWLAN:VPN Security
WLAN:VPN Security
 
10 palo alto nat policy concepts
10 palo alto nat policy concepts10 palo alto nat policy concepts
10 palo alto nat policy concepts
 
Arp spoofing
Arp spoofingArp spoofing
Arp spoofing
 
Vpn(virtual private network)
Vpn(virtual private network)Vpn(virtual private network)
Vpn(virtual private network)
 
20 palo alto site to site
20 palo alto site to site20 palo alto site to site
20 palo alto site to site
 
Access Control List (ACL)
Access Control List (ACL)Access Control List (ACL)
Access Control List (ACL)
 
Firewall in Network Security
Firewall in Network SecurityFirewall in Network Security
Firewall in Network Security
 
CCNP Security-VPN
CCNP Security-VPNCCNP Security-VPN
CCNP Security-VPN
 
Network Security- port security.pptx
Network Security- port security.pptxNetwork Security- port security.pptx
Network Security- port security.pptx
 

Destacado

SITE TO SITE IPSEC VPN TUNNEL B/W CISCO ROUTERS
SITE TO SITE IPSEC VPN TUNNEL B/W CISCO ROUTERSSITE TO SITE IPSEC VPN TUNNEL B/W CISCO ROUTERS
SITE TO SITE IPSEC VPN TUNNEL B/W CISCO ROUTERS NetProtocol Xpert
 
Lecture 5 ip security
Lecture 5 ip securityLecture 5 ip security
Lecture 5 ip securityrajakhurram
 
How Secure are IPsec and SSL VPN encryptions
How Secure are IPsec and SSL VPN encryptionsHow Secure are IPsec and SSL VPN encryptions
How Secure are IPsec and SSL VPN encryptionsUday Bhatia
 
Arbol b+
Arbol b+Arbol b+
Arbol b+cesarpa
 
Brkcrt 2214
Brkcrt 2214Brkcrt 2214
Brkcrt 2214Mac An
 
6WINDGate™ - Powering the New-Generation of IPsec Gateways
6WINDGate™ - Powering the New-Generation of IPsec Gateways6WINDGate™ - Powering the New-Generation of IPsec Gateways
6WINDGate™ - Powering the New-Generation of IPsec Gateways6WIND
 
DPDK IPSec Security Gateway Application
DPDK IPSec Security Gateway ApplicationDPDK IPSec Security Gateway Application
DPDK IPSec Security Gateway ApplicationMichelle Holley
 
Ubuntu SSL VPN
Ubuntu SSL VPNUbuntu SSL VPN
Ubuntu SSL VPNsharetech
 
Site to Site VPN CISCO ASA
Site to Site VPN CISCO ASASite to Site VPN CISCO ASA
Site to Site VPN CISCO ASARahul E
 
Forti Gate Ssl Vpn User Guide 01 30007 0348 20080718
Forti Gate Ssl Vpn User Guide 01 30007 0348 20080718Forti Gate Ssl Vpn User Guide 01 30007 0348 20080718
Forti Gate Ssl Vpn User Guide 01 30007 0348 20080718guest75224e4
 
Network Service in OpenStack Cloud, by Yaohui Jin
Network Service in OpenStack Cloud, by Yaohui JinNetwork Service in OpenStack Cloud, by Yaohui Jin
Network Service in OpenStack Cloud, by Yaohui JinHui Cheng
 

Destacado (17)

IPSec VPN Basics
IPSec VPN BasicsIPSec VPN Basics
IPSec VPN Basics
 
SITE TO SITE IPSEC VPN TUNNEL B/W CISCO ROUTERS
SITE TO SITE IPSEC VPN TUNNEL B/W CISCO ROUTERSSITE TO SITE IPSEC VPN TUNNEL B/W CISCO ROUTERS
SITE TO SITE IPSEC VPN TUNNEL B/W CISCO ROUTERS
 
Protocole IKE/IPsec
Protocole IKE/IPsecProtocole IKE/IPsec
Protocole IKE/IPsec
 
IPsec
IPsecIPsec
IPsec
 
Lecture 5 ip security
Lecture 5 ip securityLecture 5 ip security
Lecture 5 ip security
 
How Secure are IPsec and SSL VPN encryptions
How Secure are IPsec and SSL VPN encryptionsHow Secure are IPsec and SSL VPN encryptions
How Secure are IPsec and SSL VPN encryptions
 
IP Security
IP SecurityIP Security
IP Security
 
Ch32
Ch32Ch32
Ch32
 
Arbol b+
Arbol b+Arbol b+
Arbol b+
 
Brkcrt 2214
Brkcrt 2214Brkcrt 2214
Brkcrt 2214
 
6WINDGate™ - Powering the New-Generation of IPsec Gateways
6WINDGate™ - Powering the New-Generation of IPsec Gateways6WINDGate™ - Powering the New-Generation of IPsec Gateways
6WINDGate™ - Powering the New-Generation of IPsec Gateways
 
DPDK IPSec Security Gateway Application
DPDK IPSec Security Gateway ApplicationDPDK IPSec Security Gateway Application
DPDK IPSec Security Gateway Application
 
Ubuntu SSL VPN
Ubuntu SSL VPNUbuntu SSL VPN
Ubuntu SSL VPN
 
Vpn 3
Vpn 3Vpn 3
Vpn 3
 
Site to Site VPN CISCO ASA
Site to Site VPN CISCO ASASite to Site VPN CISCO ASA
Site to Site VPN CISCO ASA
 
Forti Gate Ssl Vpn User Guide 01 30007 0348 20080718
Forti Gate Ssl Vpn User Guide 01 30007 0348 20080718Forti Gate Ssl Vpn User Guide 01 30007 0348 20080718
Forti Gate Ssl Vpn User Guide 01 30007 0348 20080718
 
Network Service in OpenStack Cloud, by Yaohui Jin
Network Service in OpenStack Cloud, by Yaohui JinNetwork Service in OpenStack Cloud, by Yaohui Jin
Network Service in OpenStack Cloud, by Yaohui Jin
 

Similar a IPSec VPN & IPSec Protocols

Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network securityPriyadharshiniVS
 
Design methodology for ip secured tunel based embedded platform for aaa server
Design methodology for ip secured tunel based embedded platform for aaa serverDesign methodology for ip secured tunel based embedded platform for aaa server
Design methodology for ip secured tunel based embedded platform for aaa serverijmnct
 
Ip sec and ssl
Ip sec and  sslIp sec and  ssl
Ip sec and sslMohd Arif
 
Secure 3 kany-vanda
Secure 3 kany-vandaSecure 3 kany-vanda
Secure 3 kany-vandaVanda KANY
 
CRYPTO_REPORT on SECURITY POLICY.pdf
CRYPTO_REPORT on SECURITY POLICY.pdfCRYPTO_REPORT on SECURITY POLICY.pdf
CRYPTO_REPORT on SECURITY POLICY.pdfSpammer7
 
key distribution in network security
key distribution in network securitykey distribution in network security
key distribution in network securitybabak danyal
 
A Review Paper on Secure authentication and data sharing in cloud storage usi...
A Review Paper on Secure authentication and data sharing in cloud storage usi...A Review Paper on Secure authentication and data sharing in cloud storage usi...
A Review Paper on Secure authentication and data sharing in cloud storage usi...ijsrd.com
 
SSL Secure socket layer
SSL Secure socket layerSSL Secure socket layer
SSL Secure socket layerAhmed Elnaggar
 
Ip sec talk
Ip sec talkIp sec talk
Ip sec talkanoean
 
Efficient Multi Server Authentication and Hybrid Authentication Method
Efficient Multi Server Authentication and Hybrid Authentication MethodEfficient Multi Server Authentication and Hybrid Authentication Method
Efficient Multi Server Authentication and Hybrid Authentication MethodIJCERT
 
The Security layer
The Security layerThe Security layer
The Security layerSwetha S
 
Iaetsd a survey on cloud storage security with
Iaetsd a survey on cloud storage security withIaetsd a survey on cloud storage security with
Iaetsd a survey on cloud storage security withIaetsd Iaetsd
 
ssl-tls-ipsec-vpn.pptx
ssl-tls-ipsec-vpn.pptxssl-tls-ipsec-vpn.pptx
ssl-tls-ipsec-vpn.pptxjithu26327
 
Secure3 authentication for sensitive data on cloud using textual, chessboard ...
Secure3 authentication for sensitive data on cloud using textual, chessboard ...Secure3 authentication for sensitive data on cloud using textual, chessboard ...
Secure3 authentication for sensitive data on cloud using textual, chessboard ...eSAT Journals
 

Similar a IPSec VPN & IPSec Protocols (20)

Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network security
 
Ip Security.pptx
Ip Security.pptxIp Security.pptx
Ip Security.pptx
 
Design methodology for ip secured tunel based embedded platform for aaa server
Design methodology for ip secured tunel based embedded platform for aaa serverDesign methodology for ip secured tunel based embedded platform for aaa server
Design methodology for ip secured tunel based embedded platform for aaa server
 
Ip sec and ssl
Ip sec and  sslIp sec and  ssl
Ip sec and ssl
 
Secure 3 kany-vanda
Secure 3 kany-vandaSecure 3 kany-vanda
Secure 3 kany-vanda
 
CRYPTO_REPORT on SECURITY POLICY.pdf
CRYPTO_REPORT on SECURITY POLICY.pdfCRYPTO_REPORT on SECURITY POLICY.pdf
CRYPTO_REPORT on SECURITY POLICY.pdf
 
key distribution in network security
key distribution in network securitykey distribution in network security
key distribution in network security
 
Cn36539543
Cn36539543Cn36539543
Cn36539543
 
network security
network securitynetwork security
network security
 
A Review Paper on Secure authentication and data sharing in cloud storage usi...
A Review Paper on Secure authentication and data sharing in cloud storage usi...A Review Paper on Secure authentication and data sharing in cloud storage usi...
A Review Paper on Secure authentication and data sharing in cloud storage usi...
 
VPN presentation - moeshesh
VPN presentation - moesheshVPN presentation - moeshesh
VPN presentation - moeshesh
 
SSL Secure socket layer
SSL Secure socket layerSSL Secure socket layer
SSL Secure socket layer
 
Ip sec talk
Ip sec talkIp sec talk
Ip sec talk
 
Efficient Multi Server Authentication and Hybrid Authentication Method
Efficient Multi Server Authentication and Hybrid Authentication MethodEfficient Multi Server Authentication and Hybrid Authentication Method
Efficient Multi Server Authentication and Hybrid Authentication Method
 
The Security layer
The Security layerThe Security layer
The Security layer
 
Iaetsd a survey on cloud storage security with
Iaetsd a survey on cloud storage security withIaetsd a survey on cloud storage security with
Iaetsd a survey on cloud storage security with
 
ssl-tls-ipsec-vpn.pptx
ssl-tls-ipsec-vpn.pptxssl-tls-ipsec-vpn.pptx
ssl-tls-ipsec-vpn.pptx
 
Ip security
Ip security Ip security
Ip security
 
Comprehensive Guide On Network Security
Comprehensive Guide On Network SecurityComprehensive Guide On Network Security
Comprehensive Guide On Network Security
 
Secure3 authentication for sensitive data on cloud using textual, chessboard ...
Secure3 authentication for sensitive data on cloud using textual, chessboard ...Secure3 authentication for sensitive data on cloud using textual, chessboard ...
Secure3 authentication for sensitive data on cloud using textual, chessboard ...
 

Más de NetProtocol Xpert

Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)NetProtocol Xpert
 
Common Layer 2 Threats, Attacks & Mitigation
Common Layer 2 Threats, Attacks & MitigationCommon Layer 2 Threats, Attacks & Mitigation
Common Layer 2 Threats, Attacks & MitigationNetProtocol Xpert
 
Dynamic ARP Inspection (DAI)
Dynamic ARP Inspection (DAI)Dynamic ARP Inspection (DAI)
Dynamic ARP Inspection (DAI)NetProtocol Xpert
 
Securing management, control & data plane
Securing management, control & data planeSecuring management, control & data plane
Securing management, control & data planeNetProtocol Xpert
 
Point to-point protocol (ppp), PAP & CHAP
Point to-point protocol (ppp), PAP & CHAPPoint to-point protocol (ppp), PAP & CHAP
Point to-point protocol (ppp), PAP & CHAPNetProtocol Xpert
 
Avoid DNS lookup when mistyping a command
Avoid DNS lookup when mistyping a commandAvoid DNS lookup when mistyping a command
Avoid DNS lookup when mistyping a commandNetProtocol Xpert
 
TCLSH and Macro Ping Test on Cisco Routers and Switches
TCLSH and Macro Ping Test on Cisco Routers and SwitchesTCLSH and Macro Ping Test on Cisco Routers and Switches
TCLSH and Macro Ping Test on Cisco Routers and SwitchesNetProtocol Xpert
 
MTU (maximum transmission unit) & MRU (maximum receive unit)
MTU (maximum transmission unit) & MRU (maximum receive unit)MTU (maximum transmission unit) & MRU (maximum receive unit)
MTU (maximum transmission unit) & MRU (maximum receive unit)NetProtocol Xpert
 
OTV(Overlay Transport Virtualization)
OTV(Overlay  Transport  Virtualization)OTV(Overlay  Transport  Virtualization)
OTV(Overlay Transport Virtualization)NetProtocol Xpert
 

Más de NetProtocol Xpert (20)

Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)
 
MPLS Layer 3 VPN
MPLS Layer 3 VPN MPLS Layer 3 VPN
MPLS Layer 3 VPN
 
Common Layer 2 Threats, Attacks & Mitigation
Common Layer 2 Threats, Attacks & MitigationCommon Layer 2 Threats, Attacks & Mitigation
Common Layer 2 Threats, Attacks & Mitigation
 
Storm-Control
Storm-ControlStorm-Control
Storm-Control
 
Dynamic ARP Inspection (DAI)
Dynamic ARP Inspection (DAI)Dynamic ARP Inspection (DAI)
Dynamic ARP Inspection (DAI)
 
IP Source Guard
IP Source Guard IP Source Guard
IP Source Guard
 
DHCP Snooping
DHCP SnoopingDHCP Snooping
DHCP Snooping
 
Password Recovery
Password RecoveryPassword Recovery
Password Recovery
 
Application & Data Center
Application & Data CenterApplication & Data Center
Application & Data Center
 
Cisco ISR 4351 Router
Cisco ISR 4351 RouterCisco ISR 4351 Router
Cisco ISR 4351 Router
 
Cisco ASR 1001-X Router
Cisco ASR 1001-X RouterCisco ASR 1001-X Router
Cisco ASR 1001-X Router
 
Securing management, control & data plane
Securing management, control & data planeSecuring management, control & data plane
Securing management, control & data plane
 
Point to-point protocol (ppp), PAP & CHAP
Point to-point protocol (ppp), PAP & CHAPPoint to-point protocol (ppp), PAP & CHAP
Point to-point protocol (ppp), PAP & CHAP
 
Avoid DNS lookup when mistyping a command
Avoid DNS lookup when mistyping a commandAvoid DNS lookup when mistyping a command
Avoid DNS lookup when mistyping a command
 
TCLSH and Macro Ping Test on Cisco Routers and Switches
TCLSH and Macro Ping Test on Cisco Routers and SwitchesTCLSH and Macro Ping Test on Cisco Routers and Switches
TCLSH and Macro Ping Test on Cisco Routers and Switches
 
Private VLANs
Private VLANsPrivate VLANs
Private VLANs
 
MTU (maximum transmission unit) & MRU (maximum receive unit)
MTU (maximum transmission unit) & MRU (maximum receive unit)MTU (maximum transmission unit) & MRU (maximum receive unit)
MTU (maximum transmission unit) & MRU (maximum receive unit)
 
OTV Configuration
OTV ConfigurationOTV Configuration
OTV Configuration
 
Cisco OTV 
Cisco OTV Cisco OTV 
Cisco OTV 
 
OTV(Overlay Transport Virtualization)
OTV(Overlay  Transport  Virtualization)OTV(Overlay  Transport  Virtualization)
OTV(Overlay Transport Virtualization)
 

Último

Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxAsutosh Ranjan
 
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingrknatarajan
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSRajkumarAkumalla
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxpurnimasatapathy1234
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSSIVASHANKAR N
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130Suhani Kapoor
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )Tsuyoshi Horigome
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxpranjaldaimarysona
 
(TARA) Talegaon Dabhade Call Girls Just Call 7001035870 [ Cash on Delivery ] ...
(TARA) Talegaon Dabhade Call Girls Just Call 7001035870 [ Cash on Delivery ] ...(TARA) Talegaon Dabhade Call Girls Just Call 7001035870 [ Cash on Delivery ] ...
(TARA) Talegaon Dabhade Call Girls Just Call 7001035870 [ Cash on Delivery ] ...ranjana rawat
 
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝soniya singh
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM.        DIMENSIONAL ANALYSISUNIT-III FMM.        DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISrknatarajan
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escortsranjana rawat
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...ranjana rawat
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations120cr0395
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Christo Ananth
 

Último (20)

Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptx
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
 

IPSec VPN & IPSec Protocols

  • 1. IPSec VPN & IPSec Protocols www.netprotocolxpert.in
  • 2. IPSec VPN
     IPSec VPN provides secure IP communication over an insecure network. IPSec VPN has the following features:
    1. Confidentiality
    2. Integrity
    3. Data Origin Authentication
    4. Anti-Replay
  • 3. Confidentiality
     Confidentiality means that data is kept secret using an encryption algorithm.
     Encryption Algorithm
     An encryption algorithm is a mathematical algorithm which applies a key to data to make the data unreadable to everyone except those who have the key to decrypt it. Encryption algorithms are classified into two types:
    1. Symmetric Encryption
    2. Asymmetric Encryption
  • 4. Symmetric Encryption
     Symmetric encryption algorithms are also called secret key cryptography. As the name implies, there is a single secret key that is used to both encrypt and decrypt the data. Common symmetric encryption algorithms are:
    1. DES (Data Encryption Standard)
       ◦ It has a 56-bit key and can be broken in less than 24 hours using modern computers.
       ◦ It is not used anymore.
    2. 3DES (Triple Data Encryption Standard)
       ◦ Three different 56-bit keys (DES encrypt, DES decrypt, DES encrypt) are used to create the ciphertext.
       ◦ It has not yet been broken but has theoretical flaws.
    3. AES (Advanced Encryption Standard)
       ◦ Keys of 128 to 256 bits are used for encryption.
       ◦ It is the widely used symmetric encryption standard today.
  • 5. Asymmetric Encryption
     An asymmetric encryption algorithm uses two keys for encryption and decryption, referred to as the public key and the private key. Whatever is encrypted with the public key can be decrypted only with the private key, and vice versa. Common asymmetric algorithms are digital certificates and RSA signatures.
  • 6. Integrity
     In IPSec VPN, integrity ensures that your data is not altered during transmission. Before the data is transmitted from the source, a mathematical hash value is calculated using algorithms like MD5 and SHA. After the data is received at the destination, the hash value is calculated again; if even one bit was modified in transit, the hash values will not match. A mismatch in the hash value means the packet was altered during transmission, so it is discarded.
  • 7. Data Origin Authentication
     It means that both devices authenticate each other before the actual data transmission, using a Pre-Shared Key or a Certificate (Public Key Infrastructure). It ensures that you are transmitting and receiving data with the authentic party.
    1. Pre-Shared Key – In this method, a single secret key is configured on both peers. This key is shared before its use, hence the name Pre-Shared.
    2. Public Key Infrastructure – It provides a framework for managing the security attributes between peers who are engaged in secure communication over an insecure network. PKI consists of a number of elements and network entities.
  • 8. PKI consists of a number of elements and network entities
     Digital certificate – contains information to uniquely identify a peer: a signed copy of the public key used for secure communications, the certificate's validity period, and the signature of the CA that issued the certificate. X.509v3 is the currently used version of the digital certificate.
     Distribution mechanism – a means to distribute certificate revocation lists (CRLs) across the network. Common examples are LDAP and HTTP.
  • 9.
     Peers – devices or people who securely communicate across an insecure network, also known as end hosts.
     The certification authority (CA) – grants and maintains digital certificates. It can be a public CA such as VeriSign or Entrust, or an organization can run its own private CA on Cisco IOS or on a Microsoft or Linux server operating system.
  • 10. PKI Message Process
     The host generates its RSA signature keys and requests the public key of the CA.
     The CA sends its public key.
     The host generates a certificate request and sends it to the CA.
     The CA signs the certificate request with its private key and sends the certificate to the host.
     The host saves the certificate.
     The certificate is then used for secure communication.
  • 11. Anti-Replay
     It means that a transmission has a time or volume validity. Data that arrives after that validity has lapsed is treated as altered and is dropped. The anti-replay limit can be defined in kilobytes or seconds.
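The integrity check from slide 6 and the anti-replay check from slide 11, as an added Python example that is not part of the original slides: the receiver recomputes an HMAC-SHA256 tag over sequence number and payload and discards any packet whose tag does not match, then tracks accepted sequence numbers in an ESP-style 64-packet sliding window (RFC 4303), which is the mechanism behind anti-replay that the slide does not spell out. The integrity key and the packets are constructed values.

```python
import hmac
import hashlib

# Constructed SA integrity key; in IPsec this is derived by the IKE key exchange.
INTEGRITY_KEY = b"constructed-integrity-key-for-demo"
WINDOW = 64  # ESP-style anti-replay window in packets (RFC 4303 requires at least 32)

def tag_for(seq: int, payload: bytes) -> bytes:
    """Integrity value over sequence number || payload (HMAC-SHA256)."""
    return hmac.new(INTEGRITY_KEY, seq.to_bytes(4, "big") + payload, hashlib.sha256).digest()

def protect(seq: int, payload: bytes) -> tuple:
    """Sender side: attach the tag the receiver will recompute and compare."""
    return seq, payload, tag_for(seq, payload)

class Receiver:
    """Receiver side: integrity check, then sliding-window anti-replay check."""

    def __init__(self) -> None:
        self.highest = 0  # highest sequence number accepted so far
        self.bitmap = 0   # bit k set => sequence number (highest - k) already accepted

    def accept(self, seq: int, payload: bytes, tag: bytes) -> str:
        # Slide 6: recompute the hash; a single flipped bit changes it completely.
        if not hmac.compare_digest(tag_for(seq, payload), tag):
            return "discard: integrity mismatch"
        # Slide 11: a packet outside its validity (replayed or too old) is dropped.
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = 1 if shift >= WINDOW else ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
            return "accept"
        offset = self.highest - seq
        if offset >= WINDOW:
            return "discard: too old for replay window"
        if self.bitmap & (1 << offset):
            return "discard: replayed"
        self.bitmap |= 1 << offset  # mark as seen only after the tag verified
        return "accept"

if __name__ == "__main__":
    rx = Receiver()
    seq, payload, tag = protect(1, b"constructed payload")
    print(rx.accept(seq, payload, tag))                                 # accept
    print(rx.accept(seq, bytes([payload[0] ^ 1]) + payload[1:], tag))   # discard: integrity mismatch
    print(rx.accept(seq, payload, tag))                                 # discard: replayed
```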
  • 12. IPSec Protocols
    IPSec uses the following protocols:
     Internet Key Exchange (IKE)
     Encapsulating Security Payload (ESP)
     Authentication Header (AH)
  • 13. Internet Key Exchange
     IKE is the protocol used to set up security associations between IPSec peers. It provides a framework to exchange the security parameters and policies between them. These security policies must be manually defined on the peers. It has the following modes:
    1. Main Mode
    2. Aggressive Mode
    3. Quick Mode
  • 14. 1. Main Mode
     Six messages are exchanged in three steps, as follows:
     Step 1 – Proposal Exchange
       ◦ Message 1 – Initiator sends its own proposal to the responder
       ◦ Message 2 – Responder sends its own proposal to the initiator
     Step 2 – Key Exchange
       ◦ Message 3 – Initiator sends its own key to the responder
       ◦ Message 4 – Responder sends its own key to the initiator
     Step 3 – Session Authentication
       ◦ Message 5 – Initiator authenticates the session
       ◦ Message 6 – Responder authenticates the session
  • 15. Refer to the below figure for better understanding.
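The six Main Mode messages of slide 14, as an added Python simulation that is not part of the original slides, with pre-shared-key authentication modelled on RFC 2409: proposal exchange, Diffie-Hellman key exchange with nonces, and HASH_I/HASH_R session authentication in which each side only trusts what it can recompute from its own PSK. The toy DH group, PSK values, proposal strings and peer names are constructed, and the ISAKMP cookies and identity payload encoding are simplified away.

```python
import hmac
import hashlib
import secrets

# Toy Diffie-Hellman group (a Mersenne prime): NOT one of the MODP groups IKE negotiates.
P, G = 2**127 - 1, 2

def prf(key: bytes, data: bytes) -> bytes:
    """The negotiated keyed PRF; fixed here to HMAC-SHA256."""
    return hmac.new(key, data, hashlib.sha256).digest()

class Peer:
    def __init__(self, name: str, psk: bytes, proposal: str) -> None:
        self.name, self.psk, self.proposal = name, psk, proposal  # constructed values
        self.x = secrets.randbelow(P - 2) + 1   # private DH exponent, never sent
        self.gx = pow(G, self.x, P)             # public value carried in message 3 or 4
        self.nonce = secrets.token_bytes(16)    # Ni or Nr, also carried in message 3 or 4

    def auth_hash(self, gx1: int, gx2: int, ni: bytes, nr: bytes, sa: str, ident: str) -> bytes:
        # RFC 2409 section 5.4, PSK case: SKEYID = prf(PSK, Ni | Nr), then
        # HASH = prf(SKEYID, g^x_own | g^x_peer | SA | ID). Cookies omitted in this simplification.
        skeyid = prf(self.psk, ni + nr)
        return prf(skeyid, gx1.to_bytes(16, "big") + gx2.to_bytes(16, "big") + sa.encode() + ident.encode())

def main_mode(i: Peer, r: Peer) -> dict:
    """Run the six Main Mode messages between initiator i and responder r."""
    log = [("1 I->R proposal", i.proposal), ("2 R->I proposal", r.proposal)]   # Step 1
    if i.proposal != r.proposal:
        return {"established": False, "reason": "no matching proposal", "log": log}
    sa, ni, nr = i.proposal, i.nonce, r.nonce
    log += [("3 I->R g^xi, Ni", i.gx, ni), ("4 R->I g^xr, Nr", r.gx, nr)]      # Step 2
    shared_i, shared_r = pow(r.gx, i.x, P), pow(i.gx, r.x, P)                   # each side's DH result
    hash_i = i.auth_hash(i.gx, r.gx, ni, nr, sa, i.name)                         # Step 3
    log.append(("5 I->R HASH_I", hash_i))
    if not hmac.compare_digest(hash_i, r.auth_hash(i.gx, r.gx, ni, nr, sa, i.name)):
        return {"established": False, "reason": "initiator authentication failed", "log": log}
    hash_r = r.auth_hash(r.gx, i.gx, ni, nr, sa, r.name)
    log.append(("6 R->I HASH_R", hash_r))
    if not hmac.compare_digest(hash_r, i.auth_hash(r.gx, i.gx, ni, nr, sa, r.name)):
        return {"established": False, "reason": "responder authentication failed", "log": log}
    return {"established": True, "shared_secret_matches": shared_i == shared_r, "log": log}

if __name__ == "__main__":
    policy = "AES-256 / SHA-256 / PSK / toy-group"
    print(main_mode(Peer("gw-a", b"same-psk", policy), Peer("gw-b", b"same-psk", policy))["established"])  # True
    print(main_mode(Peer("gw-a", b"psk-1", policy), Peer("gw-b", b"psk-2", policy))["reason"])
```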
  • 16. 2. Aggressive Mode
     The six messages are condensed into three. The messages sent are as follows:
    1. The initiator sends its own proposal and key to the responder.
    2. The responder authenticates the initiator's proposal. It also sends its own proposal and key to the initiator.
    3. The initiator authenticates the session.
  • 17. Refer to the below figure for better understanding.
  • 18. 3. Quick Mode
     In Quick Mode, the peers recheck their attributes using the SPI (Security Parameter Index). The SPI is sent with every packet by the peers.
    IKE Phases
     IKE has the following phases:
    1. Phase 1
    2. Phase 1.5 (optional)
    3. Phase 2
  • 19. IKE Phase 1
    In Phase 1 the peers create a single bidirectional IKE tunnel. A single key is used to authenticate the session. The mode used depends on the type of IPSec VPN; Table-1-3 below can be used for reference.
    Table-1-3
    IPSec VPN Type   | Mode Used
    Site-Site VPN    | Main Mode
    Remote Access    | Aggressive Mode
    DMVPN            | Main Mode
    GETVPN           | Main Mode
  • 20. IKE Phase 1.5
     It is an optional IKE phase. Phase 1.5 provides an additional layer of authentication called Xauth (Extended Authentication). Xauth forces the user to authenticate before using the IPSec connection.
  • 21. IKE Phase 2
     When Phase 1 is successfully completed, Phase 2 is initiated. If Phase 1 is not complete, Phase 2 will never start. In Phase 2 the peers create multiple unidirectional IPSec tunnels: two tunnels are created per protocol, ESP (Encapsulating Security Payload) or AH (Authentication Header).
    Internet Security Association Key Management Protocol (ISAKMP)
     IKE is a management protocol which uses ISAKMP for key and attribute exchange. ISAKMP uses UDP port 500.
  • 22. There are differences between the two IKE versions, as shown in the table below:
    IKE Version 1                                | IKE Version 2
    6 messages                                   | 4-6 messages
    Uses ISAKMP                                  | Uses ISAKMP
    NAT-T support                                | NAT-T support
    Fire & Forget                                | Checks peer existence via cookies
    No VoIP support                              | VoIP support
    No cryptography mechanism for key exchange   | Uses Suite B cryptography