AH Protocol
The AH protocol provides secure transmission through authentication of packets only, including
headers.
• For successful authentication, the sender and receiver must specify the same authentication
algorithm and authentication key. The authentication algorithm and authentication key are
specified automatically.
AH Protocol + ESP Protocol
When combined, the ESP and AH protocols provide secure transmission through both encryption
and authentication. These protocols provide header authentication.
• For successful encryption, both the sender and receiver must specify the same encryption
algorithm and encryption key. The encryption algorithm and encryption key are specified
automatically.
• For successful authentication, the sender and receiver must specify the same authentication
algorithm and authentication key. The authentication algorithm and authentication key are
specified automatically.
• Some operating systems use the term "Compliance" in place of "Authentication".
Security Association
This machine uses encryption key exchange as the key setting method. With this method, agreements
such as the IPsec algorithm and key must be specified for both sender and receiver. Such agreements
form what is known as an SA (Security Association). IPsec communication is possible only if the
receiver's and sender's SA settings are identical.
The SA settings are auto configured on both parties' machines. However, before the IPsec SA can be
established, the ISAKMP SA (Phase 1) settings must be auto configured. When this is done, the IPsec SA
(Phase 2) settings, which allow actual IPsec transmission, will be auto configured.
Also, for further security, the SA can be periodically auto updated by applying a validity period (time
limit) for its settings. This machine only supports IKEv1 for encryption key exchange.
Multiple settings can be configured in the SA.
Settings 1-10
You can configure ten separate sets of SA details (such as different shared keys and IPsec
algorithms).
IPsec policies are searched through one by one, starting at [No.1].
11. Appendix
428
11