IP Security - Virtual Private Network
OmniAccess 5740 Unified Services Gateway CLI Configuration Guide
Alcatel-Lucent
SECURITY ASSOCIATION (SA)
An SA is a unidirectional agreement between the VPN participants regarding the 
methods and parameters to use in securing a communication channel. Full 
bidirectional communication requires at least two SAs, one for each direction. The 
main components of an SA are the transform details that are used to protect the data. 
The tunnel negotiation happens in two phases.
PHASE 1
Phase 1 is also called "Main Mode". The objective of Phase 1 is to 
establish a secure channel, authenticate the negotiating parties, and generate 
shared keys to protect IKE protocol messages.
Figure 29: Phase 1 Negotiation - Main Mode
Exchange between INITIATOR and RESPONDER:
  MESSAGE 1: ISAKMP Header, Proposal Payload(s)
  MESSAGE 2: ISAKMP Header, Accepted Proposal Payload
  MESSAGE 3: ISAKMP Header, Key Exchange Payload (CH), Nonce Payload
  MESSAGE 4: ISAKMP Header, Key Exchange Payload (CH), Nonce Payload
  MESSAGE 5: ISAKMP Header, Identity Payload, Authentication Data Payload (ENCRYPTED)
  MESSAGE 6: ISAKMP Header, Identity Payload, Authentication Data Payload (ENCRYPTED)
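The six-message layout of Figure 29 can be checked from the cleartext ISAKMP headers alone, for example when reviewing a capture of a tunnel that fails to come up. The following Python is an added example, not taken from this guide: the header layout and type codes follow RFC 2408, while the function names, cookies and sample packets are constructed for illustration.

```python
import struct

HDR = struct.Struct("!8s8sBBBBII")   # RFC 2408 ISAKMP header, 28 bytes
MAIN_MODE = 2                         # exchange type "Identity Protection"
FLAG_ENCRYPTED = 0x01
SA, KE, ID = 1, 4, 5                  # first-payload types; SA carries the proposal(s)
# Expected (first payload, encrypted?) for Main Mode messages 1..6
EXPECTED = [(SA, False), (SA, False), (KE, False), (KE, False), (ID, True), (ID, True)]

def parse_header(pkt):
    if len(pkt) < HDR.size:
        raise ValueError("truncated ISAKMP header")
    icookie, rcookie, nxt, ver, xchg, flags, msg_id, length = HDR.unpack_from(pkt)
    return {"icookie": icookie, "rcookie": rcookie, "next": nxt, "version": ver,
            "exchange": xchg, "encrypted": bool(flags & FLAG_ENCRYPTED),
            "msg_id": msg_id, "length": length}

def check_main_mode(packets):
    """Return a list of findings; an empty list means the headers look well-formed."""
    findings = []
    if len(packets) != 6:
        findings.append(f"expected 6 messages, got {len(packets)}")
    for n, (pkt, (nxt, enc)) in enumerate(zip(packets, EXPECTED), start=1):
        h = parse_header(pkt)
        if h["exchange"] != MAIN_MODE:
            findings.append(f"message {n}: exchange type {h['exchange']} is not Main Mode")
        if h["msg_id"] != 0:
            findings.append(f"message {n}: non-zero message ID in Phase 1")
        if h["length"] != len(pkt):
            findings.append(f"message {n}: length field {h['length']} != {len(pkt)} bytes")
        if h["next"] != nxt:
            findings.append(f"message {n}: first payload {h['next']}, expected {nxt}")
        if h["encrypted"] != enc:
            findings.append(f"message {n}: encryption flag is {h['encrypted']}, expected {enc}")
    return findings

def build(n, flags=None, body=b"\x00" * 8):
    """Constructed sample for message n; cookies and body bytes are made up."""
    nxt, enc = EXPECTED[n - 1]
    flags = (FLAG_ENCRYPTED if enc else 0) if flags is None else flags
    rcookie = b"\x00" * 8 if n == 1 else b"RESPCOOK"
    return HDR.pack(b"INITCOOK", rcookie, nxt, 0x10, MAIN_MODE, flags, 0, HDR.size + len(body)) + body

GOOD = [build(n) for n in range(1, 7)]
BAD = GOOD[:4] + [build(5, flags=0), GOOD[5]]   # message 5 sent in the clear

if __name__ == "__main__":
    print(check_main_mode(GOOD))
    print(check_main_mode(BAD))
```

Only the 28-byte header is inspected; payload bodies in messages 5 and 6 are encrypted and are not parsed here.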