beautypg.com

Relationship between ike and ipsec, Protocols and standards, Ike configuration task list – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Page 384

background image

370

Relationship between IKE and IPsec

Figure 150 Relationship between IKE and IPsec

Figure 150

illustrates the relationship between IKE and IPsec:

IKE is an application layer protocol using UDP and functions as the signaling protocol of IPsec.

IKE negotiates SAs for IPsec and delivers negotiated parameters and generated keys to IPsec.

IPsec uses the SAs set up through IKE negotiation for encryption and authentication of IP packets.

Protocols and standards

These protocols and standards are relevant to IKE:

RFC 2408, Internet Security Association and Key Management Protocol (ISAKMP)

RFC 2409, The Internet Key Exchange (IKE)

RFC 2412, The OAKLEY Key Determination Protocol

IKE configuration task list

Prior to IKE configuration, you must determine the following parameters:

The strength of the algorithms for IKE negotiation (the security protection level), including the
identity authentication method, encryption algorithm, authentication algorithm, and DH group.

Different algorithms provide different levels of protection. A stronger algorithm means more resistant

to decryption of protected data but requires more resources. Generally, the longer the key, the
stronger the algorithm.

The pre-shared key or the PKI domain the certificate belongs to. For more information about PKI
configuration, see "Configuring PKI."

Complete the following tasks to configure IKE:

Task Remarks

Configuring a name for the local security gateway

Optional.