4.8 NAT-T
NAT-T (NAT Traversal in the IKE) is a method of enabling IPSec-protected IP datagrams to pass through a Network Address Translator (NAT). An IP packet is modified while passing through a NAT device in a manner that is incompatible with Internet Protocol Security (IPSec). NAT-T protects the original IPSec-encoded packet by encapsulating it with another layer of UDP and IP headers. The negotiation during the Internet Key Exchange (IKE) phase is defined in RFC 3947 and the UDP encapsulation itself is defined in RFC 3948. Most major networking vendors support NAT-T for IKEv1 in their devices. In Microsoft Windows XP with Service Pack 2 the feature can be enabled.
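The UDP encapsulation that RFC 3948 defines is simple enough to show in full. The example below is added here and is not code from the original text; it builds and parses the port-4500 datagrams NAT-T uses, distinguishing the three payload kinds that share that port: ESP (first four bytes are the SPI, which is never zero), IKE (prefixed with a four-byte zero "non-ESP marker") and the one-byte 0xFF NAT keepalive. The comments also record why the extra UDP layer is needed at all: AH integrity-protects the IP header that a NAT rewrites, and ESP carries no transport ports a NAT could use to map several hosts behind one address. The sample ESP and IKE payloads in the usage are constructed.

```python
import struct

NAT_T_PORT = 4500                         # port used for IKE and ESP once NAT is detected
NON_ESP_MARKER = b"\x00\x00\x00\x00"      # prefixes IKE on port 4500; an ESP SPI is never 0
NAT_KEEPALIVE = b"\xff"                   # one-byte payload that keeps the NAT mapping alive
UDP_HDR = struct.Struct("!HHHH")          # source port, destination port, length, checksum


def udp_header(payload_len, sport=NAT_T_PORT, dport=NAT_T_PORT):
    """Build the outer UDP header that a NAT can rewrite freely.

    Without it, a NAT has nothing to map: ESP has no ports, and AH covers the
    IP addresses the NAT changes, so its integrity check fails on the far side.
    RFC 3948 lets the IPv4 UDP checksum be sent as zero; the ESP ICV already
    authenticates the inner packet and the NAT would break the checksum anyway.
    """
    return UDP_HDR.pack(sport, dport, UDP_HDR.size + payload_len, 0)


def encapsulate_esp(esp_packet):
    """Wrap a complete ESP packet (SPI, sequence number, ciphertext, ICV) in UDP."""
    (spi,) = struct.unpack("!I", esp_packet[:4])
    if spi == 0:
        raise ValueError("SPI 0 is reserved; it would collide with the non-ESP marker")
    return udp_header(len(esp_packet)) + esp_packet


def encapsulate_ike(ike_message):
    """IKE on port 4500 carries a 4-byte zero marker so receivers can tell it from ESP."""
    return udp_header(4 + len(ike_message)) + NON_ESP_MARKER + ike_message


def decapsulate(udp_datagram):
    """Parse a UDP datagram addressed to port 4500; return (kind, inner_bytes)."""
    if len(udp_datagram) < UDP_HDR.size:
        raise ValueError("truncated UDP header")
    _sport, dport, length, _csum = UDP_HDR.unpack_from(udp_datagram)
    if length != len(udp_datagram):
        raise ValueError("UDP length field does not match datagram size")
    if dport != NAT_T_PORT:
        raise ValueError("not a NAT-T datagram")
    payload = udp_datagram[UDP_HDR.size:]
    if payload == NAT_KEEPALIVE:
        return "nat-keepalive", b""
    if payload[:4] == NON_ESP_MARKER:
        return "ike", payload[4:]
    if len(payload) < 8:                  # ESP needs at least SPI + sequence number
        raise ValueError("ESP payload too short")
    return "esp", payload


if __name__ == "__main__":
    # Constructed sample: SPI 0x1000, sequence 1, 24 bytes standing in for ciphertext+ICV.
    sample_esp = struct.pack("!II", 0x1000, 1) + b"\xaa" * 24
    for datagram in (encapsulate_esp(sample_esp),
                     encapsulate_ike(b"\x01" * 28),
                     udp_header(1) + NAT_KEEPALIVE):
        kind, inner = decapsulate(datagram)
        print(kind, len(inner), "inner bytes")
```

A monitoring point that follows from the parser: on port 4500 a datagram whose first four bytes are zero is control traffic (IKE) and one whose first four bytes are non-zero is data (ESP), so the two can be counted separately without decrypting anything.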
4.9 IKE
Internet Key Exchange (IKE or IKEv2) is the protocol used to set up a security association (SA) in the IPSec protocol suite. IKE uses a Diffie-Hellman key exchange to set up a shared session secret, from which cryptographic keys are derived. Public-key techniques or, alternatively, a pre-shared key are used to mutually authenticate the communicating parties.
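The three steps just named (Diffie-Hellman agreement, key derivation from the shared secret, and pre-shared-key authentication) are worked through below in an example added for this section; it is not code from the original text or from any IPSec implementation. It assumes HMAC-SHA-256 as the IKE pseudo-random function, follows the IKEv2 constructions from RFC 7296 (SKEYSEED = prf(Ni | Nr, g^ir), prf+ for key expansion, and AUTH = prf(prf(PSK, "Key Pad for IKEv2"), octets)), and embeds the 1024-bit Diffie-Hellman group 2 from RFC 2409 because it is the shortest standard group; a deployment would negotiate group 14 or larger. Message framing is left out, and the "signed octets" fed to AUTH are reduced to the initiator's KE value, the responder's nonce and prf(SK_pi, IDi), so the dependency on the derived key stays visible. The identity string and the pre-shared keys in the usage are constructed.

```python
import hashlib
import hmac
import os

# RFC 2409 "Second Oakley Group" (IKE Diffie-Hellman group 2, 1024-bit MODP), generator 2.
# Embedded only because it is short; 1024-bit groups are too weak for new deployments.
GROUP2_P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF", 16)
GROUP2_G = 2
KEY_PAD = b"Key Pad for IKEv2"            # RFC 7296 section 2.15 constant for PSK auth


def is_probable_prime(n, rounds=8):
    """Miller-Rabin test; used only to sanity-check the embedded modulus."""
    if n < 4:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        a = 2 + int.from_bytes(os.urandom(16), "big") % (n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def dh_keypair(p=GROUP2_P, g=GROUP2_G):
    """Private exponent x and the public value g^x mod p sent in the KE payload."""
    x = 2 + int.from_bytes(os.urandom(32), "big") % (p - 3)
    return x, pow(g, x, p)


def dh_shared_secret(x, peer_pub, p=GROUP2_P):
    """g^ir as fixed-width bytes; degenerate public values are rejected first."""
    if not 1 < peer_pub < p - 1:
        raise ValueError("invalid Diffie-Hellman public value")
    return pow(peer_pub, x, p).to_bytes((p.bit_length() + 7) // 8, "big")


def prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def prf_plus(key, seed, length):
    """prf+ from RFC 7296 section 2.13: T1 = prf(K, S|1), Tn = prf(K, T(n-1)|S|n)."""
    out, t, n = b"", b"", 1
    while len(out) < length:
        t = prf(key, t + seed + bytes([n]))
        out += t
        n += 1
    return out[:length]


def ike_sa_keys(g_ir, ni, nr, spi_i, spi_r, key_len=32):
    """SKEYSEED = prf(Ni|Nr, g^ir); the seven SK_* keys come from prf+ over the SPIs."""
    skeyseed = prf(ni + nr, g_ir)
    names = ("SK_d", "SK_ai", "SK_ar", "SK_ei", "SK_er", "SK_pi", "SK_pr")
    material = prf_plus(skeyseed, ni + nr + spi_i + spi_r, key_len * len(names))
    return {n: material[i * key_len:(i + 1) * key_len] for i, n in enumerate(names)}


def psk_auth(psk, signed_octets):
    """AUTH value for shared-key authentication: prf(prf(PSK, KEY_PAD), octets)."""
    return prf(prf(psk, KEY_PAD), signed_octets)


def run_exchange(initiator_psk, responder_psk):
    """Both sides of IKE_SA_INIT plus the responder's check of the initiator's AUTH."""
    ni, nr = os.urandom(32), os.urandom(32)          # nonces
    spi_i, spi_r = os.urandom(8), os.urandom(8)      # IKE SA SPIs
    xi, ke_i = dh_keypair()                          # initiator's KE payload
    xr, ke_r = dh_keypair()                          # responder's KE payload
    keys_i = ike_sa_keys(dh_shared_secret(xi, ke_r), ni, nr, spi_i, spi_r)
    keys_r = ike_sa_keys(dh_shared_secret(xr, ke_i), ni, nr, spi_i, spi_r)
    id_i = b"initiator@example.test"                 # constructed identity
    ke_i_bytes = ke_i.to_bytes(128, "big")
    auth_i = psk_auth(initiator_psk, ke_i_bytes + nr + prf(keys_i["SK_pi"], id_i))
    # The responder recomputes with its own SK_pi and PSK; compare in constant time.
    expected = psk_auth(responder_psk, ke_i_bytes + nr + prf(keys_r["SK_pi"], id_i))
    return {"initiator_keys": keys_i, "responder_keys": keys_r,
            "auth_ok": hmac.compare_digest(auth_i, expected)}


if __name__ == "__main__":
    print("group modulus prime:", is_probable_prime(GROUP2_P))
    print("matching PSK accepted:", run_exchange(b"constructed-psk", b"constructed-psk")["auth_ok"])
    print("mismatched PSK accepted:", run_exchange(b"constructed-psk", b"other-psk")["auth_ok"])
```

Two properties worth noticing: the nonces and SPIs enter the key derivation, so repeating a Diffie-Hellman value does not reproduce old keys, and a wrong pre-shared key leaves the Diffie-Hellman step succeeding while the AUTH comparison fails, which is why PSK mismatches show up as authentication failures rather than as key-agreement errors.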
4.9.1 3DES
The earliest standard that defines the algorithm (ANS X9.52, published in 1998) describes it as the "Triple Data Encryption Algorithm (TDEA)" — i.e. three operations of the Data Encryption Algorithm specified in ANSI X3.92 — and does not use the terms "Triple DES" or "DES".
4.9.2 AES
The Advanced Encryption Standard (AES) is an encryption standard adopted by the U.S. government. The standard comprises three block ciphers, AES-128, AES-192 and AES-256, adopted from a larger collection originally published as Rijndael. Each AES cipher has a 128-bit block size, with key sizes of 128, 192 and 256 bits, respectively. The AES ciphers have been analyzed extensively and are now used worldwide.
4.9.3 MD5
MD5 (Message-Digest algorithm 5) is a widely used cryptographic hash function with a 128-bit hash value. As an Internet standard (RFC 1321), MD5 has been employed in a wide variety of security applications, and is also commonly used to