Changes

no edit summary
Line 603: Line 603:  
</ul>
 
</ul>
   −
====Phase settings====
+
===Phase settings===
 
----
 
----
 +
IKE (Internet Key Exchange) is a protocol used to set up security associations (SAs) for the IPsec connection. This process is required before any IPsec tunnel can be established. It is done in two phases:
    +
<table border=1; style="border-collapse: collapse;">
 +
    <tr>
 +
        <th width=400><span style="color: #0054A6;">Phase</span></th>
 +
        <th colspan="2"><span style="color: #0054A6;">Mode</span></th>
 +
    </tr>
 +
    <tr style="vertical-align: top;">
 +
        <td><b>Phase 1</b>
 +
            <ul>
 +
                <li>Establishes a secure channel between peers</li>
 +
                <li>Authenticates peers</li>
 +
                <li>Negotiates SA policy</li>
 +
                <li>Shares secret keys</li>
 +
                <li>Establishes secure tunnel for phase 2</li>
 +
            </ul>
 +
        </td>
 +
        <td width=350>Main mode (figure 1)
 +
            <ul>
 +
                <li>6 packets exchanged</li>
 +
                <li>Identity protected during exchange</li>
 +
            </ul>
 +
        </td>
 +
        <td width=350>Aggressive mode (figure 2)
 +
            <ul>
 +
                <li>3 packets exchanged</li>
 +
                <li>Identity information exchanged before a secure channel is established</li>
 +
            </ul>
 +
        </td>
 +
    </tr>
 +
    <tr style="vertical-align: top;">
 +
        <td><b>Phase 2</b>
 +
            <ul>
 +
                <li>Sets up matching IPsec SAs</li>
 +
                <li>Periodically renegotiates IPsec SAs</li>
 +
            </ul>
 +
        </td>
 +
        <td colspan="2">Quick mode
 +
            <ul>
 +
                <li>3 packets exchanged</li>
 +
                <li>IPsec SA parameters (ESP/AH, SHA/MD5) established</li>
 +
                <li>SA lifetime set</li>
 +
            </ul>
 +
        </td>
 +
    </tr>
 +
</table>
 +
<br>
 +
<table>
 +
    <tr>
 +
        <td><b>Figure 1</b></td>
 +
        <td><b>Figure 2</b></td>
 +
    </tr>
 +
    <tr>
 +
        <td width=500>[[File:{{{file_ipsec_main_mode}}}]]</td>
 +
        <td width=500>[[File:{{{file_ipsec_aggressive_mode}}}]]</td>
 +
    </tr>
 +
</table>
 +
----
 
[[File:{{{file_ipsec_phase}}}]]
 
[[File:{{{file_ipsec_phase}}}]]
   −
 
+
<table class="nd-mantable">
 +
    <tr>
 +
        <th>Field name</th>
 +
      <th>Value</th>
 +
      <th>Description</th>
 +
    </tr>
 +
    <tr>
 +
    <td>Encryption algorithm</td>
 +
        <td>DES | 3DES | AES128 | AES192 | AES256; Default: <b>3DES</b></td>
 +
        <td>Algorithm used for data encryption.</td>
 +
    </tr>
 +
    <tr>
 +
    <td>Authentication/Hash algorithm</td>
 +
        <td>MD5 | SHA1 | SHA256 | SHA384 | SHA512; Default: <b>SHA1</b></td>
 +
        <td>Algorithm used for exchanging authentication and hash information.</td>
 +
    </tr>
 +
    <tr>
 +
    <td>DH group/PFS group</td>
 +
        <td>MODP768 | MODP1024 | MODP1536 | MODP2048 | MODP3072 | MODP4096; Default: <b>MODP1536</b></td>
 +
        <td></td>
 +
    </tr>
 +
    <tr>
 +
    <td>Lifetime</td>
 +
        <td>integer; Default: <b>8 hours</b></td>
 +
        <td>Defines a time period after which the phase will re-initiate its exchange of information.</td>
 +
    </tr>
 +
</table>
    
===Pre-shared keys===
 
===Pre-shared keys===
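Review bot: the opening tag `<table border=1; style="border-collapse: collapse;">` at the start of the IKE phase table has a stray semicolon inside the `border` attribute value; write it as `<table border="1" style="border-collapse: collapse;">` (and quote the bare `width=400` / `width=350` / `width=500` values for consistency). In the settings table the "DH group/PFS group" row has an empty Description cell, so the reader is never told what the option controls; a line such as "Diffie-Hellman group used for the key exchange (the PFS group selects the group used to derive fresh keys for phase 2)" would fill the gap. The "Authentication/Hash algorithm" description, "Algorithm used for exchanging authentication and hash information", reads awkwardly; "Hash algorithm used for integrity checking and peer authentication" is clearer. Lastly, the Value column lists DES, 3DES, MD5, SHA1 and MODP768/MODP1024 next to the stronger options with no indication of which are legacy choices, while the defaults shown are 3DES, SHA1 and MODP1536; a short remark marking the options kept only for interoperability with older peers would help administrators choose secure settings.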