Network Systems DesignLine | IPsec, a Tutorial--Part XI


IPsec, a Tutorial--Part XI

Part XI of a Network Systems DesignLine multi-series excerpt from Chapter 2: IPsec Fundamentals from the book IPsec Virtual Private Network Fundamentals is the final chapter segment. The segment covers configuring ISAKMP, IKE with RAVPN extensions, and a chapter summary.

Page 1 of 3

Here are Parts 1-10: Part I, Part II, Part III, Part IV, Part V, Part VI, Part VII, Part VIII, Part IX, Part X

Configuring ISAKMP
To configure two crypto endpoints to establish an ISAKMP SA, the security administrator must instruct the crypto endpoints to accept the appropriate security proposals, apply those security proposals to a crypto map, and apply that crypto map to the appropriate crypto interface or interfaces. The following is a brief list of the tasks to be executed when creating an ISAKMP policy:

  1. Define the ISAKMP policy. Within the ISAKMP policy, define the following security parameters to be used with ISAKMP:
    • Authentication Method
    • Authentication Hash Algorithm
    • Encryption Cipher
    • Diffie-Hellman MODP Group
  2. Instruct the crypto map to reference ISAKMP policies to negotiate ISAKMP SAs and IPsec SAs.
  3. Apply the crypto map to the appropriate crypto interfaces. This will enable ISAKMP and IPsec SA negotiation using IKE on those crypto interfaces.

When ISAKMP policies are referenced in crypto maps, the priority keyword identifies the preference that the initiator expresses to the responder when selecting security proposals in the IKE Phase I exchange. In Example 17, James requests that ISAKMP policy 20 be selected for IKE Phase I negotiation with Charlie. Charlie will try to accept ISAKMP policy 20, but, because he has no matching security proposal, he will select ISAKMP policy 10. James and Charlie will use ISAKMP policy 20 for IKE negotiation, as illustrated in Figure 28. Example 17 provides the ISAKMP policy configuration corresponding to the exchange illustrated in Figure 28.


Example 17. James and Charlie Use ISAKMP Policies for IKE Negotiation


Figure 28.
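
The preference-ordered proposal matching described above, as an added example that is not from the book excerpt: a simplified Python model in which the responder accepts the first proposal, in the initiator's priority order, that equals one of its own policies. It assumes that a lower policy number means higher preference and that all four listed parameters must match exactly; the class, the function and the sample policies are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple


@dataclass(frozen=True)
class IsakmpPolicy:
    priority: int   # local policy number; assumption: lower = more preferred
    auth: str       # authentication method
    hash_alg: str   # authentication hash algorithm
    cipher: str     # encryption cipher
    dh_group: int   # Diffie-Hellman MODP group

    def params(self) -> tuple:
        # The negotiable attributes; the priority number is local only.
        return (self.auth, self.hash_alg, self.cipher, self.dh_group)


def negotiate(initiator: Sequence[IsakmpPolicy], responder: Sequence[IsakmpPolicy]
              ) -> Optional[Tuple[IsakmpPolicy, IsakmpPolicy]]:
    """Return (initiator policy, responder policy) for the agreed proposal,
    or None when no proposal matches and Phase I cannot complete."""
    local = {}
    for pol in sorted(responder, key=lambda p: p.priority):
        local.setdefault(pol.params(), pol)   # keep the responder's preferred duplicate
    for proposal in sorted(initiator, key=lambda p: p.priority):
        match = local.get(proposal.params())
        if match is not None:
            return proposal, match
    return None


# Constructed sample policies (hypothetical peers, not the book's Example 17).
INITIATOR = [
    IsakmpPolicy(10, "rsa-sig", "sha256", "aes-256", 14),
    IsakmpPolicy(20, "pre-share", "sha256", "aes-256", 14),
]
RESPONDER = [
    IsakmpPolicy(10, "pre-share", "sha256", "aes-256", 14),
    IsakmpPolicy(30, "pre-share", "sha256", "aes-128", 14),
]
NO_OVERLAP = [IsakmpPolicy(10, "pre-share", "sha256", "aes-256", 5)]

if __name__ == "__main__":
    for name, peer in (("RESPONDER", RESPONDER), ("NO_OVERLAP", NO_OVERLAP)):
        result = negotiate(INITIATOR, peer)
        if result is None:
            print(f"{name}: no matching proposal, no ISAKMP SA")
        else:
            print(f"{name}: initiator policy {result[0].priority} "
                  f"matched responder policy {result[1].priority}")
```

In this model the policy numbers are local to each peer: the agreed parameter set is the initiator's policy 20 and the responder's policy 10, and a peer with no identical parameter set yields no ISAKMP SA at all.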


