The following table lists terms and definitions used in this IPsec configuration discussion.
| Term | Definition |
|---|---|
| Encapsulating Security Payload (ESP) | An IPv4 and IPv6 packet header designed to provide a mix of security services, including confidentiality, data origin authentication and connectionless integrity, depending on what the supported and configured SA specifies. |
| Encryption | The process of transforming information, usually referred to as plaintext, using an algorithm called a cipher, so that it is unreadable to anyone except those possessing the associated key. |
| ESP Authenticity | An ESP feature that ensures that the sender of a packet is who it claims to be. |
| ESP Confidentiality | An ESP feature that ensures that information is accessible only to those authorized to access it. |
| ESP Integrity | An ESP feature, also referred to as data authentication, that ensures that the contents of a packet have not been tampered with. |
| Hash | The Secure Hash Algorithm 1 (SHA1) hash algorithm, used during Phase 1 negotiation between the devices authenticating the SA. |
| IKE Diffie-Hellman Group | A method of exchanging keys that allows two parties with no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. |
| IKE Map | A bundling of all the algorithms and parameters that make up the SA. |
| IKE Policy | A combination of security parameters that exists both locally and on the peer, to be used during the IKE SA negotiation. |
| IKE Proposal | A set of parameters applied to both Phase 1 and Phase 2 IPsec negotiations; in Phase 1 the two peers establish a secure connection over which they then negotiate the Phase 2 parameters. |
| Initial Contact | A feature that, when enabled, sends an initial contact message to the peer upon reboot, instructing the peer to delete old SAs. |
| Internet Key Exchange protocol (IKE) | The protocol used to set up a Security Association (SA) in the IPsec protocol suite. |
| IPsec | The Internet Protocol Security Architecture, defined in RFC 4301, which provides a set of security services for traffic at the IP layer in both IPv4 and IPv6 environments. |
| Security Association (SA) | The establishment of shared security attributes between two network entities to support secure communication within the IPsec protocol suite. |
| Security Parameter Index (SPI) | An index into the security association database that differentiates between two traffic streams for which different encryption rules and algorithms may be in use. |