Internet Key Exchange (IKE) IPsec Key Management for VPNs
Chapter 5
Internet Key Exchange (IKE) IPsec Key Management for VPNs
IPsec stands for IP Security, a set of protocols that supports secure exchange of IP packets at the IP layer. IPsec is deployed widely to implement Virtual Private Networks (VPNs). See “Virtual Private Networks (VPNs)” on page
The Netopia Firmware Version 8.4 supports Internet Key Exchange (IKE) for secure encrypted communication over a VPN tunnel.
This chapter covers the following topics:
•“Overview” on page
•“Internet Key Exchange (IKE) Configuration” on page
•“Key Management” on page
•“IPsec WAN Configuration Screens” on page
•“IPsec Manual Key Entry” on page
Overview
IPsec supports two encapsulation modes: Transport and Tunnel. Transport mode encrypts only the data portion (payload) of each packet, but leaves the header untouched. Tunnel mode encrypts both the header and the payload. On the receiving side, an
DES stands for Data Encryption Standard, a popular
Internet Key Exchange (IKE) is an authentication and encryption key management protocol used in conjunction with the IPsec standard.
IKE is a
•Phase 1 authenticates the security gateways and establishes the Security Parameters (SPs) they will use to negotiate on behalf of the clients. Security Associations (SAs) are sets of information values that allow the two devices on the Internet to communicate securely.
•Phase 2 establishes the tunnel and provides for secure transport of data.
IPsec can be configured without IKE, but IKE offers additional features, flexibility, and ease of configuration. Key exchange between your local Router and a remote point can be configured either manually or by using the key exchange protocol.
