
10ENTERPRISE OS SOFTWARE VERSION 11.4 RELEASE NOTES
Public-Key Infrastructure (PKI) Implementation
Applications like IP Security (IPsec) and Internet Key Exchange (IKE) employ
New also is PKI Manager, a graphical management application to aid Enterprise OS devices in obtaining PKI certificates and Certificate Revocation Lists (CRLs) from various Certificate Authorities (CAs). PKI Manager works as a proxy between the device and the CA. It is responsible for collecting the certificate requests from the devices and generating the
Non-Broadcast, Multi-Access (NHRP) for VPN Tunnels
With the
With the Next Hop Resolution Protocol (NHRP) implemented in 11.4, tunnels are now established dynamically. NHRP enhances the
IP Payload Compression Protocol (IPComp or IPPCP)
Enterprise OS software supports data compression to ease bandwidth problems. However, in previous software releases the compression mechanism was not effective when a data stream was encrypted at layer 3. With 11.4, by using IP Payload Compression Protocol (IPComp), RFC 2393, to first reduce the size of the IP datagram by compressing the data, then performing encryption, the size of IP datagrams has been reduced. This is extremely useful when IPsec encryption is applied to IP datagrams, since compression of outbound IP datagrams is done before any IP security processing, and the decompression of inbound IP datagrams is applied after the completion of all IP security processing. Only dynamic negotiations of the IPComp Association (IPCA) via IKE and one compression algorithm (LZS) is supported for 11.4. Any negotiation of IPComp is always combined with a negotiation of ESP, AH, or both.