Intel PRO/100 Computer Hardware User Manual


How Packet Protect Uses IPSec
IPSec is a set of standard protocols developed by the Internet Engineering Task
Force (IETF) to protect the confidentiality and integrity of IP communications.
It does so with negotiated algorithms that encrypt and authenticate each packet
(ESP for encryption and authentication, AH for authentication only), together
with other safeguards such as rejecting replayed packets.
If IKE successfully negotiates a protected communication, it passes the agreed-upon
parameters (protocols, algorithms, keys, and lifetimes) to the IPSec driver used by
Packet Protect. The IPSec driver then uses those parameters to decide how each IP
packet is protected.
Security Associations
IP communications protected with IPSec use a security contract called a security
association. After a security association is set up between two computers, the
computers can exchange data, and IPSec protects that data using one or more of the
ESP encryption, ESP authentication, or AH authentication algorithms. A security
association covers one direction of traffic, so a two-way connection uses a pair
of them, one in each direction.
The diagram below shows the steps that Packet Protect performs to protect a
communication. The security association is established in Step 3.
For more information about each IPSec setting, see “IPSec Settings” on page 57
and “Customize Security Actions” on page 33.
Security Association Lifetimes
A security association expires when it reaches the lifetime threshold defined for
the communication. Packet Protect automatically re-negotiates the security
association before it expires (usually at approximately 80% of its lifetime) if
one of the following is true:
- The security action is currently in use, that is, data is being transferred at
  that moment.
- The security action has been used recently, that is, data was transferred using
  that security association a short time ago.
Re-negotiating early puts a new association in place before the old one lapses, so
protected traffic is not interrupted by the expiry. If neither condition holds, the
association is simply allowed to expire, and a new IKE negotiation is needed before
further traffic between the two computers is protected.
[Diagram: how Packet Protect protects a communication]
Step 1: IKE verifies the pre-shared key
Step 2: IKE negotiates the IPSec settings
Step 3: IPSec protects the packets (security association)
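The following is an added example, not code from the manual or from Packet
Protect, that models the two ideas above: a security association carrying the
parameters IKE agreed (Security Associations), and the lifetime rule that
triggers re-negotiation at about 80% of the lifetime only when the association is
in use or was used recently (Security Association Lifetimes). The names
SecurityAssociation, establish_sa, protect, verify and lifetime_state are
assumptions made for this illustration, as are the 30-second "recently used"
window and the byte-count lifetime limit alongside the time limit. Packet
protection is modelled with an AH/ESP-style integrity tag (HMAC-SHA1 truncated
to 96 bits, the HMAC-SHA1-96 transform) and a simplified replay check; the
sample key and packets are constructed inline.

```python
import hmac
import hashlib
from dataclasses import dataclass
from typing import Optional

# Simplified model of an IPSec security association (SA) for illustration only.
# Not the Packet Protect driver or any real IPSec stack; names and thresholds
# other than the 80% rule are assumptions made for this example.

SOFT_LIMIT = 0.80          # re-negotiate at ~80% of the lifetime (per the manual)
RECENT_USE_WINDOW = 30.0   # assumed: "used recently" = traffic within the last 30 s


@dataclass
class SecurityAssociation:
    spi: int                   # Security Parameter Index identifying this SA
    auth_key: bytes            # key agreed by IKE for the authentication algorithm
    lifetime_seconds: float    # time limit negotiated by IKE
    lifetime_bytes: int        # traffic-volume limit (assumed here alongside time)
    created_at: float
    bytes_protected: int = 0
    last_used_at: Optional[float] = None
    seq_out: int = 0           # last outbound sequence number used
    seq_in_highest: int = 0    # highest inbound sequence number accepted


def establish_sa(spi, auth_key, lifetime_seconds, lifetime_bytes, now):
    """Build the SA from the parameters IKE agreed (Step 2 in the diagram).
    Each peer holds its own copy; an SA covers one direction of traffic."""
    return SecurityAssociation(spi, auth_key, lifetime_seconds, lifetime_bytes,
                               created_at=now)


def _tag(sa, seq, payload):
    # Integrity check modelled as HMAC-SHA1-96: HMAC-SHA1 over SPI, sequence
    # number and payload, truncated to the first 96 bits (12 bytes).
    msg = sa.spi.to_bytes(4, "big") + seq.to_bytes(4, "big") + payload
    return hmac.new(sa.auth_key, msg, hashlib.sha1).digest()[:12]


def protect(sa, payload, now):
    """Sender side (Step 3): number the packet, tag it, and account the usage."""
    sa.seq_out += 1
    seq = sa.seq_out
    sa.bytes_protected += len(payload)
    sa.last_used_at = now
    return sa.spi, seq, payload, _tag(sa, seq, payload)


def verify(sa, spi, seq, payload, tag, now):
    """Receiver side: match the SPI, reject replays, check the tag in constant time.
    The replay check is simplified to strict ordering (no sliding window)."""
    if spi != sa.spi:
        return False
    if seq <= sa.seq_in_highest:
        return False
    if not hmac.compare_digest(_tag(sa, seq, payload), tag):
        return False
    sa.seq_in_highest = seq
    sa.last_used_at = now
    sa.bytes_protected += len(payload)
    return True


def lifetime_state(sa, now, in_use=False):
    """Return 'expired', 'renegotiate' or 'ok' following the manual's rule:
    past the hard limit the SA is gone; past ~80% it is re-negotiated only if
    traffic is flowing now or flowed recently; otherwise it is left alone."""
    age_frac = (now - sa.created_at) / sa.lifetime_seconds
    vol_frac = sa.bytes_protected / sa.lifetime_bytes
    consumed = max(age_frac, vol_frac)
    if consumed >= 1.0:
        return "expired"
    if consumed >= SOFT_LIMIT:
        recently = (sa.last_used_at is not None
                    and now - sa.last_used_at <= RECENT_USE_WINDOW)
        if in_use or recently:
            return "renegotiate"
    return "ok"
```

The sender and receiver each keep their own copy of the SA, which is why the
bytes and sequence counters live on the object rather than in a shared table;
the receiver's highest-accepted sequence number is what turns a replayed packet
into a rejection even though its tag is valid.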