Cisco Packet Data Interworking Function (PDIF)
Security Gateway Overview
SecGW Administration Guide, StarOS Release 18
Standards
Compliant
RFC 1853 – IP in IP Tunneling
RFC 2401 – Security Architecture for the Internet Protocol
RFC 2402 – IP Authentication Header
RFC 2406 – IP Encapsulating Security Payload (ESP)
RFC 2407 – The Internet IP Security Domain of Interpretation for ISAKMP
RFC 2408 – Internet Security Association and Key Management Protocol (ISAKMP)
RFC 2409 – The Internet Key Exchange (IKE)
RFC 2410 – Internet X.509 Public Key Infrastructure Certificate Management Protocol (CMP)
RFC 3280 – Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
RFC 3554 – On the Use of Stream Control Transmission Protocol (SCTP) with IPsec [Partially compliant, ID_LIST is not supported.]
RFC 4306 – Internet Key Exchange (IKEv2) Protocol
RFC 4718 – IKEv2 Clarifications and Implementation Guidelines
RFC 5996 – Internet Key Exchange Protocol Version 2 (IKEv2)
Hashed Message Authentication Codes:
AES 96
MD5
SHA1/SHA2
X.509 Certificate Support – maximum key size = 2048
Non-compliant
Standards
RFC 3173 – IP Payload Compression Protocol (IPComp)
RFC 5723 – Internet Key Exchange Protocol Version 2 (IKEv2) Session Resumption
RFC 5840 – Wrapped Encapsulating Security Payload (ESP) for Traffic Visibility
RFC 5856 – Integration of Robust Header Compression over IPsec Security Associations
Hashed Message Authentication Codes:
HMAC AES 128 GMAC