IKEv1 and IPSEC Deep Dive - SVPN 300-730 Topics

IKEv1 and IPSEC Deep Dive


Get 30% off ITprotv.com with: You can use promo code: OSCAROGANDO2
Follow Me on Twitter:
https://twitter.com/CCNADailyTIPS

IKEV1:


IKE provides a way to manage the key exchange, authenticate the peers and agree on a policy securely. IKE uses a protocol called ISAKMP to negotiate IPSec parameters between two peers. ISAKMP communicates on UDP port 500. This transport is fixed for UDP/500 on both the source and destination port of the packet. During the initial setup, the two VPN peers set up a bidirectional tunnel called the ISAKMP Security Association (SA) communication. After that, two unidirectional tunnels called the IPSec Security Associations (SA) are set up for communication the data. It’s important to remember that the ISAKMP SA is a single bidirectional secure communcation channel but the actual encrypted LAN-to-LAN data is not sent over it. It’s merely in place for the setup of the IPSec SAs in which it will encrypt and send the data. Let’s break it down further.

IPSEC:


IPSec functions below the transport layer so it’s completely transparent to applications and the end users. IPSec can be implemented in firewalls and routers. I personally have a preference for routers and as I dig into VPNs further in later blog posts, you’ll see that there are some limitations with firewall VPN implementations that do not exist in routers.

Comments


Books
Nothing here yet!!