Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
313
Views
0
Helpful
1
Replies

Understanding IKE VPN3000

hiblermar
Level 1
Level 1

‎10-09-2005 02:02 AM

Hi all together,

I still have a problem understanding the IKE settings in the VPN 3000 Concentrator. Can someone tell me for what purpose the IKE Parameters under Configuration | Policy Management | Traffic Manangement | SAs are good for?

In my understanding the order of establishing a tunnel is:

1. Client sends IKE proposals to the concentrator. The concentrator looks in the active proposals (Configuration | Tunneling and Security | IPSec | IKE Proposals) and uses the first matching proposal to handle IKE Phase 1

2. The user group's IPSec SA (Configuration | User Management | groups | IPSec tab | IPSec SA) is used for IKE Phase 2. These IPSec Parameters are configured in the section "IPSec Paramters" in Configuration | Policy Management | Traffic Management | SAs.

I don't understand for what the IKE parameters are good for. Perhaps someone can tell me.

Thanks a lot for your help.

Markus

Labels:
0 Helpful
1 Reply 1

pradeepde
Level 5
Level 5

‎10-14-2005 05:17 AM

IKE provides these benefits:

1.Eliminates the need to manually specify all the IPSec security parameters in the crypto maps at both peers.

2.Allows you to specify a lifetime for the IPSec security association.

3.Allows encryption keys to change during IPSec sessions.

4.,Allows IPSec to provide anti-replay services.

5.Permits CA support for a manageable, scalable IPSec implementation.

6.Allows dynamic authentication of peers.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents