Chapter 5
Internet Key Exchange (IKE) IPsec Key Management for VPNs
IPsec stands for IP Security, a set of protocols that supports secure exchange of IP packets at the IP layer.
IPsec is deployed widely to implement Virtual Private Networks (VPNs). See “Virtual Private Networks (VPNs)”
on page 4-1 for more information.
The Version 5.3 firmware supports Internet Key Exchange (IKE) for secure encrypted communication over a VPN
tunnel.
This chapter covers the following topics:
■ “Overview” on page 5-1
■ “Internet Key Exchange (IKE) Configuration” on page 5-2
■ “Key Management” on page 5-9
■ “IPsec WAN Configuration Screens” on page 5-18
■ “IPsec Manual Key Entry” on page 5-19
Overview
IPsec supports two encapsulation modes: Transport and Tunnel. Transport mode encrypts only the data portion
(payload) of each packet and leaves the original IP header in the clear, so the end-to-end source and destination
addresses remain visible on the path. Tunnel mode encrypts the entire original packet, header and payload, and
carries it inside a new IP packet whose outer header is addressed from one IPsec gateway to the other, so the inner
addresses are hidden. On the receiving side, an IPsec-compliant device decrypts each packet and, in Tunnel mode,
strips the outer header. Netopia Routers support Tunnel mode.
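The difference between the two modes is easiest to see at the byte level. The following is an added example (not Netopia code) that frames a constructed IPv4 packet as ESP in transport mode and in tunnel mode, builds the ESP trailer (padding to the 8-byte 3DES block size, pad length, next header) and then decapsulates again. The cipher is a stand-in, XOR with an HMAC-SHA256 keystream, because the Python standard library has no 3DES; the key, addresses, SPIs and payload are constructed sample values.

```python
"""Added example (not Netopia code): ESP framing in transport mode versus
tunnel mode. The cipher is a stand-in (XOR with an HMAC-SHA256 keystream)
because the standard library has no 3DES; the point is which bytes each mode
encrypts and how the ESP trailer (padding, pad length, next header) is built."""
import hashlib
import hmac
import ipaddress
import struct

ESP_PROTO = 50   # IP protocol number in the header that precedes ESP
IPIP_PROTO = 4   # ESP next-header value for an encapsulated IPv4 packet
BLOCK = 8        # 3DES-CBC block size; the ESP trailer pads to this


def ipv4_checksum(header: bytes) -> int:
    """Standard one's-complement header checksum; returns 0 for a valid header."""
    total = sum(struct.unpack(">%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header with a correct checksum."""
    hdr = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack(">H", ipv4_checksum(hdr)) + hdr[12:]


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with an HMAC-SHA256 counter keystream.
    Calling it again with the same key and nonce decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(key, nonce + struct.pack(">I", i // 32), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)


def esp_encapsulate(key: bytes, spi: int, seq: int, plaintext: bytes, next_header: int) -> bytes:
    """SPI | sequence number | ENCRYPT(plaintext | padding | pad length | next header)."""
    pad_len = (-(len(plaintext) + 2)) % BLOCK
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    esp_hdr = struct.pack(">II", spi, seq)
    return esp_hdr + keystream_xor(key, esp_hdr, plaintext + trailer)


def esp_decapsulate(key: bytes, esp: bytes):
    """Returns (spi, seq, plaintext, next_header) after stripping the trailer."""
    spi, seq = struct.unpack(">II", esp[:8])
    clear = keystream_xor(key, esp[:8], esp[8:])
    pad_len, next_header = clear[-2], clear[-1]
    return spi, seq, clear[:len(clear) - 2 - pad_len], next_header


def esp_transport(key: bytes, spi: int, seq: int, packet: bytes) -> bytes:
    """Transport mode: the original IP header stays in the clear (protocol field
    rewritten to ESP, length and checksum updated); only the payload is encrypted."""
    ihl = (packet[0] & 0x0F) * 4
    hdr, payload = bytearray(packet[:ihl]), packet[ihl:]
    esp = esp_encapsulate(key, spi, seq, payload, next_header=hdr[9])
    struct.pack_into(">H", hdr, 2, ihl + len(esp))
    hdr[9] = ESP_PROTO
    struct.pack_into(">H", hdr, 10, 0)
    struct.pack_into(">H", hdr, 10, ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + esp


def esp_tunnel(key: bytes, spi: int, seq: int, packet: bytes, gw_src: str, gw_dst: str) -> bytes:
    """Tunnel mode: the whole inner packet, header included, is encrypted and
    carried behind a new outer header addressed gateway to gateway."""
    esp = esp_encapsulate(key, spi, seq, packet, next_header=IPIP_PROTO)
    return ipv4_header(gw_src, gw_dst, ESP_PROTO, len(esp)) + esp


# Constructed sample: a UDP (protocol 17) packet between two hosts behind the gateways.
KEY = b"demo-key-not-3des"
INNER = ipv4_header("10.1.1.5", "10.2.2.7", 17, 5) + b"hello"

if __name__ == "__main__":
    t = esp_transport(KEY, 0x1000, 1, INNER)
    u = esp_tunnel(KEY, 0x2000, 1, INNER, "198.51.100.1", "203.0.113.9")
    print("transport: clear header src/dst", t[12:16].hex(), t[16:20].hex(), "proto", t[9])
    print("tunnel:    outer header src/dst", u[12:16].hex(), u[16:20].hex(), "proto", u[9])
    print("tunnel decrypts to the inner packet:", esp_decapsulate(KEY, u[20:])[2] == INNER)
```

In the transport-mode output the inner host addresses are readable in the first 20 bytes; in the tunnel-mode output only the gateway addresses are, and the whole inner packet comes back from `esp_decapsulate` with next header 4 (IP-in-IP).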
DES stands for Data Encryption Standard, a widely used symmetric-key block cipher. DES uses a 56-bit key, which is
short enough to be recovered by exhaustive search with modest hardware, so single DES should not be relied on for
confidentiality. Netopia Routers offer IPsec 3DES (triple DES) encryption, which applies DES three times with a much
larger key, as a standard option.
Note: Some models support built-in hardware acceleration of 3DES encryption at line speeds. The optional
VPN-accelerated models (all 4652 models and 4522 routers whose model number ends in “-XL”) accelerate
IPsec encryption and authentication.
Internet Key Exchange (IKE) is an authentication and encryption key management protocol used in conjunction
with the IPsec standard.
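IKE's job is to turn a shared secret and a Diffie-Hellman exchange into the keys each IPsec security association uses. The following is an added example (not Netopia firmware code) of that key derivation as RFC 2409 specifies it for pre-shared-key authentication with HMAC-SHA1 as the prf: Phase 1 runs Diffie-Hellman in Oakley Group 2 (the 1024-bit MODP group), derives SKEYID and SKEYID_d/_a/_e, and authenticates each gateway with HASH_I and HASH_R; Phase 2 (quick mode without PFS) derives per-SA ESP keying material from SKEYID_d and the SPI. The `Gateway` class, the SA proposal body, the PSKs and the identities are constructed for the demonstration; message framing and the actual ISAKMP payloads are omitted.

```python
"""Added example (not Netopia firmware code): the key derivation behind IKE's
two phases, per RFC 2409 with pre-shared-key authentication and HMAC-SHA1 as
the prf. Phase 1 runs Diffie-Hellman in Oakley Group 2 (1024-bit MODP),
derives SKEYID_d/_a/_e and authenticates each gateway with HASH_I/HASH_R;
Phase 2 (quick mode, no PFS) derives per-SA ESP keying material from SKEYID_d."""
import hashlib
import hmac
import secrets

# Oakley Group 2 prime (RFC 2409 section 6.2), generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2
PROTO_IPSEC_ESP = 3          # IPsec DOI protocol identifier for ESP (RFC 2407)
KEYLEN_3DES_SHA1 = 24 + 20   # 3DES-CBC key plus HMAC-SHA1 key, in bytes


def prf(key: bytes, data: bytes) -> bytes:
    """RFC 2409 prf with SHA-1 negotiated as the hash: HMAC-SHA1."""
    return hmac.new(key, data, hashlib.sha1).digest()


def phase1_keys(psk, gxy, ni, nr, cky_i, cky_r):
    """Phase 1 with pre-shared keys: SKEYID and the three keys derived from it."""
    skeyid = prf(psk, ni + nr)
    skeyid_d = prf(skeyid, gxy + cky_i + cky_r + b"\x00")             # seeds Phase 2
    skeyid_a = prf(skeyid, skeyid_d + gxy + cky_i + cky_r + b"\x01")  # ISAKMP integrity
    skeyid_e = prf(skeyid, skeyid_a + gxy + cky_i + cky_r + b"\x02")  # ISAKMP encryption
    return skeyid, skeyid_d, skeyid_a, skeyid_e


def phase1_auth_hash(skeyid, own_pub, peer_pub, own_cky, peer_cky, sa_body, own_id):
    """HASH_I (initiator) or HASH_R (responder): binds the PSK to the DH values,
    cookies, SA proposal and identity; the peer recomputes it to authenticate."""
    return prf(skeyid, own_pub + peer_pub + own_cky + peer_cky + sa_body + own_id)


def phase2_keymat(skeyid_d, protocol, spi, ni, nr, length):
    """Quick mode without PFS: KEYMAT = prf(SKEYID_d, protocol | SPI | Ni_b | Nr_b),
    extended with K(n+1) = prf(SKEYID_d, K(n) | protocol | SPI | Ni_b | Nr_b)."""
    seed = bytes([protocol]) + spi + ni + nr
    block = prf(skeyid_d, seed)
    keymat = block
    while len(keymat) < length:
        block = prf(skeyid_d, block + seed)
        keymat += block
    return keymat[:length]


class Gateway:
    """One IKE peer (constructed for the demo): PSK, ID payload body, ISAKMP
    cookie, nonce and Diffie-Hellman key pair."""
    def __init__(self, psk: bytes, ident: bytes):
        self.psk, self.ident = psk, ident
        self.cky = secrets.token_bytes(8)
        self.nonce = secrets.token_bytes(16)
        self.x = secrets.randbelow(P - 2) + 1
        self.pub = pow(G, self.x, P).to_bytes(128, "big")

    def shared_secret(self, peer_pub: bytes) -> bytes:
        return pow(int.from_bytes(peer_pub, "big"), self.x, P).to_bytes(128, "big")


def run_exchange(init: Gateway, resp: Gateway, sa_body=b"\x00\x01constructed-SA-proposal"):
    """Main mode in outline. Returns (initiator KEYMAT, responder KEYMAT) for an
    inbound and an outbound ESP SA; raises ValueError if Phase 1 authentication fails."""
    i = phase1_keys(init.psk, init.shared_secret(resp.pub), init.nonce, resp.nonce, init.cky, resp.cky)
    r = phase1_keys(resp.psk, resp.shared_secret(init.pub), init.nonce, resp.nonce, init.cky, resp.cky)
    # Each side sends a hash computed under its own SKEYID; the peer recomputes the
    # expected value under the peer's SKEYID. They agree only if the PSKs match.
    hash_i = phase1_auth_hash(i[0], init.pub, resp.pub, init.cky, resp.cky, sa_body, init.ident)
    hash_r = phase1_auth_hash(r[0], resp.pub, init.pub, resp.cky, init.cky, sa_body, resp.ident)
    ok_i = hmac.compare_digest(hash_i, phase1_auth_hash(r[0], init.pub, resp.pub, init.cky, resp.cky, sa_body, init.ident))
    ok_r = hmac.compare_digest(hash_r, phase1_auth_hash(i[0], resp.pub, init.pub, resp.cky, init.cky, sa_body, resp.ident))
    if not (ok_i and ok_r):
        raise ValueError("Phase 1 authentication failed: pre-shared keys do not match")
    # Phase 2: fresh nonces and one SPI per direction, so each SA gets its own keys.
    ni2, nr2 = secrets.token_bytes(16), secrets.token_bytes(16)
    spis = {"inbound": secrets.token_bytes(4), "outbound": secrets.token_bytes(4)}
    km_i = {d: phase2_keymat(i[1], PROTO_IPSEC_ESP, s, ni2, nr2, KEYLEN_3DES_SHA1) for d, s in spis.items()}
    km_r = {d: phase2_keymat(r[1], PROTO_IPSEC_ESP, s, ni2, nr2, KEYLEN_3DES_SHA1) for d, s in spis.items()}
    return km_i, km_r


if __name__ == "__main__":
    a, b = Gateway(b"constructed-psk", b"198.51.100.1"), Gateway(b"constructed-psk", b"203.0.113.9")
    km_i, km_r = run_exchange(a, b)
    print("both gateways derived the same ESP keys:", km_i == km_r)
    print("inbound and outbound SAs use different keys:", km_i["inbound"] != km_i["outbound"])
```

Two things worth noticing when running it: both gateways arrive at identical ESP keys without the keys ever crossing the wire, and a mismatched pre-shared key is caught at the HASH_I/HASH_R check in Phase 1, before any IPsec SA is created.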
IKE is a two-phase protocol for key exchange.
■ Phase 1 authenticates the security gateways and establishes the Security Parameters (SPs) they will use
to negotiate on behalf of the clients. Security Associations (SAs) are sets of information values that allow