Amer Networks E5Web GUI User Manual


Step 3. Client Begins Key Exchange

The server has accepted a proposal at this point and the client now begins a key exchange. In
addition, NAT detection payloads are sent to detect if NAT is being used.

IkeSnoop: Received IKE packet from 192.168.0.10:500
Exchange type  : Identity Protection (main mode)
ISAKMP Version : 1.0
Flags          :
Cookies        : 0x6098238b67d97ea6 -> 0x5e347cb76e95a
Message ID     : 0x00000000
Packet length  : 220 bytes
# payloads     : 4
Payloads:
  KE (Key Exchange)
    Payload data length : 128 bytes
  NONCE (Nonce)
    Payload data length : 16 bytes
  NAT-D (NAT Detection)
    Payload data length : 16 bytes
  NAT-D (NAT Detection)
    Payload data length : 16 bytes

Step 4. Server Sends Key Exchange Data

The server now sends key exchange data back to the client.

IkeSnoop: Sending IKE packet to 192.168.0.10:500
Exchange type  : Identity Protection (main mode)
ISAKMP Version : 1.0
Flags          :
Cookies        : 0x6098238b67d97ea6 -> 0x5e347cb76e95a
Message ID     : 0x00000000
Packet length  : 220 bytes
# payloads     : 4
Payloads:
  KE (Key Exchange)
    Payload data length : 128 bytes
  NONCE (Nonce)
    Payload data length : 16 bytes
  NAT-D (NAT Detection)
    Payload data length : 16 bytes
  NAT-D (NAT Detection)
    Payload data length : 16 bytes
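
How the two NAT-D payloads exchanged in steps 3 and 4 are evaluated, as an added example that is not part of the manual: per RFC 3947 each payload is a hash over both cookies plus an IP address and port, and the receiver compares the values with the addresses it actually observes on the UDP packet. The cookies, the server address 203.0.113.1 and the translated address are constructed values, and MD5 is assumed because the payloads shown are 16 bytes long.

```python
import hashlib
import ipaddress
import struct


def nat_d_hash(cky_i, cky_r, ip, port, algo="md5"):
    """RFC 3947 NAT-D value: HASH(CKY-I | CKY-R | IP | Port)."""
    if len(cky_i) != 8 or len(cky_r) != 8:
        raise ValueError("ISAKMP cookies are 8 bytes each")
    addr = ipaddress.ip_address(ip).packed  # 4 bytes for IPv4, 16 for IPv6
    data = cky_i + cky_r + addr + struct.pack("!H", port)
    return hashlib.new(algo, data).digest()


def detect_nat(cky_i, cky_r, payloads, seen_src, seen_dst, algo="md5"):
    """Evaluate a peer's NAT-D payloads against the observed UDP addresses.

    payloads[0] is the sender's hash of the address it sent to (our address);
    payloads[1:] are hashes of the sender's own possible source addresses.
    """
    if len(payloads) < 2:
        raise ValueError("expected at least two NAT-D payloads")
    ours = nat_d_hash(cky_i, cky_r, *seen_dst, algo=algo)
    theirs = nat_d_hash(cky_i, cky_r, *seen_src, algo=algo)
    return {
        "local_behind_nat": payloads[0] != ours,
        "peer_behind_nat": theirs not in payloads[1:],
    }


# Constructed sample values (not taken from the manual's capture).
CKY_I = bytes.fromhex("0123456789abcdef")
CKY_R = bytes.fromhex("fedcba9876543210")
CLIENT = ("192.168.0.10", 500)       # client address as shown in the log
SERVER = ("203.0.113.1", 500)        # assumed server address
NAT_PUBLIC = ("198.51.100.7", 1024)  # assumed translated source address

# What the client puts in its step 3 packet: remote end first, then itself.
CLIENT_PAYLOADS = [nat_d_hash(CKY_I, CKY_R, *SERVER),
                   nat_d_hash(CKY_I, CKY_R, *CLIENT)]

if __name__ == "__main__":
    print("direct :", detect_nat(CKY_I, CKY_R, CLIENT_PAYLOADS, CLIENT, SERVER))
    print("via NAT:", detect_nat(CKY_I, CKY_R, CLIENT_PAYLOADS, NAT_PUBLIC, SERVER))
```

A mismatch on either side is what leads the peers to switch to NAT traversal for the rest of the negotiation.
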

Step 5. Client Sends Identification

The initiator sends the identification, which is normally an IP address or the Subject Alternative Name if certificates are used.

IkeSnoop: Received IKE packet from 192.168.0.10:500
Exchange type  : Identity Protection (main mode)
ISAKMP Version : 1.0
Flags          : E (encryption)
Cookies        : 0x6098238b67d97ea6 -> 0x5e347cb76e95a
Message ID     : 0x00000000
Packet length  : 72 bytes
# payloads     : 3
Payloads:
  ID (Identification)
    Payload data length : 8 bytes
    ID : ipv4(any:0,[0..3]=192.168.0.10)
  HASH (Hash)

Chapter 9: VPN
