Dascom 7010 PrintServer Manual User Manual

Internet Protocol Security (IPsec)
Fig. 20: IPsec procedure
(1) The administrator defines a policy in the SPD via 'setkey'.
(2) The kernel refers to the SPD to determine if IPsec can be used for an IP data packet.
(3) If a key is required for the IPsec-SA, the kernel will get the key from the SAD.
(4) If the SAD has no key, the kernel sends a request to 'racoon'.
(5) 'racoon' uses IKE to exchange keys with the remote server.
(6) 'racoon' writes the key to the SAD.
(7) The kernel is able to send IPsec data packets.

You can use manual keys or an IKE daemon (e.g. racoon) for
authentication purposes. racoon provides the automatic key
exchange between two hosts. A policy must be set up in the SPD
in both cases.

When using manual keys, you must make entries in the SAD to
provide the encryption algorithm and the keys for secure
communication with other hosts. When using an IKE daemon, the
SAs are created automatically.
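
The following file is an added example, not taken from this manual. It shows the SPD policy needed in both cases next to the SAD entries needed only for manual keys. It assumes the standard ipsec-tools setkey(8) file syntax (loaded with 'setkey -f'); the addresses, SPIs and keys are constructed sample values and must be replaced.

```conf
# Constructed example for setkey -f.
# 192.0.2.10 = print server, 192.0.2.20 = remote host
# (documentation addresses, assumed for illustration).

# Start from an empty SAD and SPD.
flush;
spdflush;

# --- SPD: required for manual keys AND for IKE (step 1) ---
# Traffic between the two hosts must use ESP in transport mode.
# "require" means a packet is not sent in the clear if no SA exists.
spdadd 192.0.2.10 192.0.2.20 any -P out ipsec
    esp/transport//require;
spdadd 192.0.2.20 192.0.2.10 any -P in ipsec
    esp/transport//require;

# --- SAD: manual keys only (step 3) ---
# One SA per direction, each with its own SPI and its own keys.
# Both hosts need identical "add" entries; only the in/out
# directions of the spdadd lines are swapped on the peer.
# Sample keys below are constructed placeholders: generate random
# keys of the same length and keep this file readable by root only.
add 192.0.2.10 192.0.2.20 esp 0x1001 -m transport
    -E rijndael-cbc 0x000102030405060708090a0b0c0d0e0f
    -A hmac-sha256
    0x101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f;
add 192.0.2.20 192.0.2.10 esp 0x1002 -m transport
    -E rijndael-cbc 0x303132333435363738393a3b3c3d3e3f
    -A hmac-sha256
    0x404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f;

# --- IKE variant (steps 4 to 6) ---
# Delete both "add" statements and keep the spdadd lines.
# racoon then negotiates the keys and writes the SAs to the SAD.
```

With manual keys the same key material stays in use until an administrator changes it on both hosts, so the file holding it deserves the same protection as any other long-term secret.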