IKE Phase 2
After the tunnel is secured and authenticated, in Phase 2 the channel is further secured for the transfer of data between the networks. IKE Phase 2 uses the keys that were established in Phase 1 of the process and the IPSec Crypto profile, which defines the IPSec protocols and keys used for the SA in IKE Phase 2.
IPSec uses the following protocols to enable secure communication:
- Encapsulating Security Payload (ESP)—Allows you to encrypt the entire IP packet, and authenticate the source and verify integrity of the data. While ESP requires that you encrypt and authenticate the packet, you can choose to only encrypt or only authenticate by setting the encryption option to Null; using encryption without authentication is discouraged.
- Authentication Header (AH)—Authenticates the source of the packet and verifies data integrity. AH does not encrypt the data payload and is unsuited for deployments where data privacy is important. AH is commonly used when the main concern is to verify the legitimacy of the peer, and data privacy is not required.
Diffie Hellman (DH) exchange options supported
Encryption algorithms supported
- Triple Data Encryption Standard (3DES) with a security strength of 112 bits
- Advanced Encryption Standard (AES) using cipher block chaining (CBC) with a security strength of 128 bits
- AES using CBC with a security strength of 192 bits
- AES using CBC with a security strength of 256 bits
- AES using Counter with CBC-MAC (CCM) with a security strength of 128 bits
- AES using Galois/Counter Mode (GCM) with a security strength of 128 bits
- AES using GCM with a security strength of 256 bits
- Data Encryption Standard (DES) with a security strength of 56 bits
Authentication algorithms supported
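The strengths in the encryption list and the ESP/AH guidance above can be turned into a review check for a Phase 2 proposal. The following is an added example, not vendor code: the algorithm labels, the profile layout, and the 128-bit minimum are assumptions made for illustration.

```python
# Added example, not vendor code. Algorithm labels and the profile layout are
# constructed for illustration; min_bits=128 is an assumed policy threshold.

# Security strength in bits, as listed in the encryption table on this page.
STRENGTH_BITS = {
    "des": 56, "3des": 112,
    "aes-128-cbc": 128, "aes-192-cbc": 192, "aes-256-cbc": 256,
    "aes-128-ccm": 128, "aes-128-gcm": 128, "aes-256-gcm": 256,
}
# CCM and GCM are authenticated-encryption modes, so integrity is built in.
AEAD = {"aes-128-ccm", "aes-128-gcm", "aes-256-gcm"}


def audit_profile(profile, min_bits=128):
    """Return sorted findings for one Phase 2 (IPSec) proposal."""
    findings = set()
    has_auth = bool(profile.get("authentication"))  # empty list: no integrity algorithm
    if profile["protocol"].lower() == "ah":
        findings.add("AH: payload is not encrypted")  # AH never encrypts
        if not has_auth:
            findings.add("AH: no authentication algorithm configured")
        return sorted(findings)
    for alg in (e.lower() for e in profile.get("encryption", [])):
        if alg == "null":
            findings.add("ESP: null encryption, payload is not encrypted")
            if not has_auth:
                findings.add("ESP: neither encryption nor authentication")
            continue
        bits = STRENGTH_BITS.get(alg)
        if bits is None:
            findings.add(f"{alg}: not in the strength table")
            continue
        if bits < min_bits:
            # Every offered algorithm can be negotiated, so each one is checked.
            findings.add(f"{alg}: {bits}-bit strength is below {min_bits}")
        if alg not in AEAD and not has_auth:
            findings.add(f"{alg}: encryption without authentication")
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample proposals.
    samples = {
        "legacy": {"protocol": "esp", "encryption": ["3des", "aes-128-cbc"], "authentication": []},
        "modern": {"protocol": "esp", "encryption": ["aes-256-gcm"], "authentication": []},
        "ah-only": {"protocol": "ah", "authentication": ["sha256"]},
    }
    for name, prof in samples.items():
        print(name, audit_profile(prof) or "no findings")
```

Each offered algorithm is checked individually because a peer may select any entry in the proposal, so one weak entry lowers the strength the tunnel can end up with.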