Reference Manual for the ProSafe VPN Firewall FVS318v3
Virtual Private Networking C-9
January 2005
Figure C-5: VPN tunnel Security Associaton (SA)
The SA contains all the information necessary for gateway A to negotiate a secure and encrypted
communication stream with gateway B. This communication is often referred to as a “tunnel.” The
gateways contain this information so that it does not have to be loaded onto every computer
connected to the gateways.
Each gateway must negotiate its SA with another gateway using the parameters and processes
established by IPSec. As illustrated below, the most common method of accomplishing this
process is via the Internet Key Exchange (IKE) protocol which automates some of the negotiation
procedures.
Figure C-6: IPSec Security Association (SA) negotiation
Or, you can configure your gateways using manual key exchange, which involves manually
configuring each paramter on both gateways.
1. The IPSec software on Host A initiates the IPSec process in an attempt to communicate
with Host B. The two computers then begin the Internet Key Exchange (IKE) process.
VPN Gateway A
VPN Gateway B
VPN Tunnel
PCs
PCs
VPN Gateway
VPN Gateway
1) Communication
request sent to VPN Gateway
2) IKE Phase I authentication
3) IKE Phase II negotiation
4) Secure data transfer
5) IPSec tunnel termination
IPSec Security Association IKE
VPN Tunnel Negotiation Steps
To Next Page
Loading...
Need help?
General
