IP- Sec is the most used tunnel in creating the VPn site-to-site tunnel.
IKE - ( Internet Key Exchange Protocol )
Internet key Exchange
- It automates the negotiations process of the S.A.
- Dead Peer Detection : Hello Timer 10 Sec.
In Which two major protocols are involved - 1) Isakmp 2) DH - Group
ISAKMP - ( Internet Security Association and Key Management Protocol )
- This protocol is used for the exchange of the POLICY and Transform Set's, S.A related to the IpSec tunnel formation.
DH-GROUP - ( Deffie Hellman Algorithum )
Used for the Exchange of the PASSWORD'S between two devices to establish a shared secret over an unsecured communication like isakmp for IPSEC.
DH consists of the following options:
- D-H Group 1 — 768-bit DH Group.
- D-H Group 2 — 1024-bit DH Group. This group provides more security than group 1, but requires more processing time.
- D-H Group 5 — 1536-bit DH Group. This group provides more security than group 2, but requires more processing time.
Hashing -
A process of date integrity with out the process of encryption. It makes sure that the date is not tampered till it is delivered to the destination by generating and verifying the HMAC values.
Which supports two types of protocols : MD5 and SHA.
Encryption -
A process of converting simple clear text into ----> cypher text ( which is not understandable by humans )
Used for the protection of the data.
Algorithms used are DES, 3DES, AES
Des -
3DES-
AES -
ESP - ( Encapsulation Security Payload )
Esp supports Encryption, Hashing, Authentication, Encapsulation and Optional Anti replay
AH - ( Authentication Header )
Ah supports Hashing, Authentication, Encapsulation and Optional Anti replay.
The only difference between ESP and AH is encryption process.
Two basic modes 1) Tunnel Mode 2) Transport Mode
Tunnel mode is used between TWO sites , where the encapsulation will take place ( adding a new header )
Transport mode is used with in the site, where there is no encapsulation.
No comments:
Post a Comment