Virtual Private Networks (VPN) IPsec
IX20 User Guide
481
IPsec
IPsec is a suite of protocols for creating a secure communication link—an IPsec tunnel—between a
host and a remote IP network or between two IP networks across a public network such as the
Internet.
IPsec data protection
IPsec protects the data being sent across a public network by providing the following:
Data origin authentication
Authentication of data to validate the origin of data when it is received.
Data integrity
Authentication of data to ensure it has not been modified during transmission.
Data confidentiality
Encryption of data sent across the IPsec tunnel to ensure that an unauthorized device cannot read
the data.
Anti-Replay
Authentication of data to ensure an unauthorized device has not injected it into the IPsec tunnel.
IPsec mode
The IX20 supports the Tunnel mode. With the Tunnel mode, the entire IP packet is encrypted and/or
authenticated and then encapsulated as the payload in a new IP packet. Transport mode is not
currently supported.
IPsec modes
IPsec can run in two different modes: Tunnel and Transport.
Tunnel
The entire IP packet is encrypted and/or authenticated and then encapsulated as the payload in a
new IP packet.
Transport
Only the payload of the IP packet is encrypted and/or authenticated. The IP header is left
untouched. This mode has limitations when using an authentication header, because the IP
addresses in the IP header cannot be translated (for example, with Network Address Translation
(NAT)), as doing so would invalidate the authentication hash value.
Internet Key Exchange (IKE) settings
IKE is a key management protocol that allows IPsec to negotiate the security associations (SAs) that
are used to create the secure IPsec tunnel. Both IKEv1 and IKEv2 are supported.
SA negotiations are performed in two phases, known as phase 1 and phase 2.
Phase 1
In phase 1, IKE creates a secure authenticated communication channel between the device and the
peer (the remote device which is at the other end of the IPsec tunnel) using the configured pre-shared
key and the Diffie-Hellman key exchange. This creates the IKE SAs that are used to encrypt further IKE
communications.
For IKEv1, there are two modes for the phase 1 negotiation: Main mode and Aggressive mode. IKEv2
does not use these modes.