IKEv2/IPsec

The BR-MLX-10Gx4-IPSEC-M interface module supports creation of a virtual private network (VPN) using the IPsec protocol. The IKEv2 protocol is used to negotiate the IPsec service parameters for the VPN.
Note

VLL with RSVP is not supported over an IPsec tunnel in any mode of operation in the device.
Note

For Extreme MLXe series devices, the operator shall always enter a minimum 112-bit IKEv2 Pre-Shared Key (PSK).
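
One way to produce and pre-check a PSK against the 112-bit minimum in the note above (an added example, not Extreme's code or CLI). It assumes the key is entered as printable ASCII and treats 112 bits as the entropy target for a randomly generated key; the alphabet and function names are illustrative.

```python
import math
import secrets
import string

MIN_PSK_BITS = 112  # minimum stated in the note above

# Assumption: printable ASCII without spaces, quotes or '?', which a CLI
# might interpret. Adjust to the characters the device actually accepts.
ALPHABET = string.ascii_letters + string.digits + "-_.:+=@%"


def chars_needed(bits: int, alphabet_size: int) -> int:
    """Characters required so a uniform random pick gives >= `bits` of entropy."""
    if alphabet_size < 2:
        raise ValueError("alphabet must contain at least two symbols")
    return math.ceil(bits / math.log2(alphabet_size))


def generate_psk(bits: int = MIN_PSK_BITS, alphabet: str = ALPHABET) -> str:
    """Draw a PSK from the OS CSPRNG with at least `bits` of entropy."""
    if bits < MIN_PSK_BITS:
        raise ValueError(f"PSK must carry at least {MIN_PSK_BITS} bits")
    symbols = "".join(sorted(set(alphabet)))  # de-duplicate to keep picks uniform
    length = chars_needed(bits, len(symbols))
    return "".join(secrets.choice(symbols) for _ in range(length))


def raw_bits(psk: str) -> int:
    """Raw key length in bits (8 per ASCII byte): an upper bound, not entropy."""
    return 8 * len(psk.encode("ascii"))


def meets_minimum_length(psk: str) -> bool:
    """Necessary but not sufficient: a 14-character word passes this check
    yet carries far less than 112 bits of entropy."""
    return raw_bits(psk) >= MIN_PSK_BITS


if __name__ == "__main__":
    psk = generate_psk()
    print(f"{len(psk)} characters, {raw_bits(psk)} raw bits, "
          f"length check passed: {meets_minimum_length(psk)}")
```

A hexadecimal key needs 28 characters to reach 112 bits, while the 70-symbol alphabet above needs 19.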

IPsec critical security parameters

The following parameters make up the IPsec critical security parameters.
  • IKEv2 DH Group-14 Private Key 2048 bit MODP
  • IKEv2 DH Group-14 Shared Secret 2048 bit MODP
  • IKEv2 DH Group-14 Public Key 2048 bit MODP
  • IKEv2 ECDH Group-19 Private Key (P-256)
  • IKEv2 ECDH Group-19 Shared Secret (P-256)
  • IKEv2 ECDH Group-19 Public Key (P-256)
  • IKEv2 ECDH Group-20 Private Key (P-384)
  • IKEv2 ECDH Group-20 Shared Secret (P-384)
  • IKEv2 ECDH Group-20 Public Key (P-384)
  • IKEv2 ECDSA Private Key (P-256)
  • IKEv2 ECDSA Private Key (P-384)
  • IKEv2 ECDSA Public Key (P-256)
  • IKEv2 ECDSA Public Key (P-384)
  • IKEv2 Encrypt/Decrypt Key
  • IKEv2/IPsec Integrity Key
  • IKEv2 KDF State
  • IKEv2 Pre-Shared Key (PSK)
  • IPsec ESP Encrypt/Decrypt Key