Billion Electric Company BiGuard 30 User Manual

encryption, and is more vulnerable to Denial of Service attacks. 
 
Phase II, known as Quick Mode, establishes symmetrical IPSec Security 
Associations for both AH and ESP. It does this by negotiating IPSec parameters, 
exchanging nonces to derive session keys from the IKE shared secret, exchanging DH 
values to generate a new key, and identifying which traffic this SA bundle will protect 
using selectors (IDi and IDr payloads). 
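
The key derivation described above can be written out as follows. This is an added example, not code from the manual or the BiGuard firmware: it follows the KEYMAT formula of RFC 2409 section 5.5, assumes HMAC-SHA1 as the negotiated PRF, and uses constructed values for the secret, nonces, SPIs and DH result.

```python
import hashlib
import hmac

PROTO_AH, PROTO_ESP = 2, 3  # IPsec DOI protocol IDs (RFC 2407)

def prf(key: bytes, data: bytes) -> bytes:
    """Negotiated PRF; HMAC-SHA1 is assumed here."""
    return hmac.new(key, data, hashlib.sha1).digest()

def keymat(skeyid_d, protocol, spi, ni_b, nr_b, length, g_qm_xy=b""):
    """RFC 2409 sec. 5.5 KEYMAT for one SA (one SPI, one direction).

    g_qm_xy is the fresh Quick Mode DH shared secret; empty means no PFS.
    """
    seed = g_qm_xy + bytes([protocol]) + spi + ni_b + nr_b
    out, block = b"", b""
    while len(out) < length:
        # K1 = prf(SKEYID_d, seed), Kn = prf(SKEYID_d, Kn-1 | seed)
        block = prf(skeyid_d, block + seed)
        out += block
    return out[:length]

def demo():
    # All values below are constructed for illustration.
    skeyid_d = bytes.fromhex("11" * 20)        # Phase 1 derived secret
    ni_b, nr_b = b"\xaa" * 16, b"\xbb" * 16    # Quick Mode nonces
    spi_in, spi_out = b"\xc0\xff\xee\x01", b"\xc0\xff\xee\x02"
    dh_secret = bytes.fromhex("5a" * 128)      # g(qm)^xy, PFS only
    need = 16 + 20                             # AES-128 key + HMAC-SHA1 key
    return {
        "in_no_pfs": keymat(skeyid_d, PROTO_ESP, spi_in, ni_b, nr_b, need),
        "out_no_pfs": keymat(skeyid_d, PROTO_ESP, spi_out, ni_b, nr_b, need),
        "in_pfs": keymat(skeyid_d, PROTO_ESP, spi_in, ni_b, nr_b, need, dh_secret),
    }

if __name__ == "__main__":
    for name, key in demo().items():
        print(f"{name:11s} enc={key[:16].hex()} auth={key[16:].hex()}")
```

Without PFS, every Phase II key depends on the single Phase I secret SKEYID_d; with PFS, each new tunnel or rekey also depends on a fresh DH secret that is discarded afterwards.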
 
The following is an illustration of how data is handled with IKE: 
 
 
[Figure: IKE flow chart. Start; Phase 1 (Main Mode or Aggressive Mode): Negotiate ISAKMP SA, Mutual Authentication; Phase 2 (Quick Mode With PFS or Quick Mode Without PFS): Negotiate SAs For AH and ESP; Protected Data Transfer; New IPSec tunnel or Rekeying.]