The following table lists terms and definitions used in this IPsec configuration discussion.
IPsec Configuration Terms and Definitions
| Term | Definition |
|---|---|
| Encapsulating Security Payload (ESP) | An IPv4 and IPv6 packet header designed to provide a mix of security services including: confidentiality, data origin authentication, connectionless integrity, depending upon supported and configured SA configuration. |
| Encryption | The process of transforming information, usually referred to as plaintext, using an algorithm, called a cipher, to make it unreadable to anyone except those possessing the associated key. |
| ESP Authenticity | An ESP feature that ensures that the owner of the packet is who he claims to be. |
| ESP Confidentiality | An ESP feature that ensures that information is accessible only to those authorized to have access. |
| ESP Integrity | An ESP feature, also referred to as data authentication, that ensures that the contents of the packet have not been tampered with. |
| Hash | The Secure Hash Algorithm 1 (SHA1) hash algorithm is used during phase 1 negotiation between the SA authenticating devices. |
| IKE Diffie-Hellman Group | A method of exchanging keys allowing two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. |
| IKE Map | A bundling of all algorithms and parameters that make up the SA. |
| IKE Policy | A combination of security parameters that exist both locally and on the peer, to be used during the IKE SA negotiation. |
| IKE Proposal | A set of parameters applied to both Phase I and Phase II IPSec negotiations during which the two peers establish a secure connection by which they then negotiate the Phase 2 parameters. |
| Initial Contact | A feature that when enabled sends an initial contact message to the peer upon reboot instructing the peer to delete old SAs. |
| Internet Key Exchange protocol (IKE) | The protocol used to set up a Security Association (SA) in the IPsec protocol suite. |
| IPsec | The Internet Protocol Security Architecture, defined in RFC 4301, that provides a set of security services for traffic at the IP layer in both IPv4 and IPv6 environments. |
| Security Association (SA) | The establishment of shared security attributes between two network entities to support secure communication within the IPsec protocol suite. |
| Security Parameter Index (SPI) | An index to the security association database that helps in differentiating between two traffic streams where different encryption rules and algorithms may be in use. |
Print
this page
Email this topic
Feedback
View PDF
Download EPUB