Tuesday, December 28, 2010

Juniper VPN Proposal - Made Easy

IKE Phase 1 Proposal:

* Method: Indicates whether a preshared key (“pre”) or digital certificates (using “RSA”-Sig or “DSA”-Sig) are used as the authentication method

* DH Group: Indicates the Diffie-Hellman group used for the key generation or exchange (“g1”, “g2” or “g5”)

* Encrypt: Indicates the encryption algorithm (“3DES”, “DES” or “AES”)

* Auth: Indicates the hash algorithm (“MD5” or “SHA-1”)

Values:
--------
(pre|dsa|rsa)   (g1|g2|g5)    (DES|3DES|AES)    (MD5|SHA1)

Examples of a Phase 1 proposal include:
---------------------------------------
* pre-g1-des-md5
* dsa-g2-3des-sha1
* rsa-g5-aes128-md5
* or the current de facto standard: pre-g2-3des-sha1

IPSEC Phase 2 Proposal:

* PFS: Indicates whether Perfect Forward Secrecy is not being used (“nopfs”) or, if it is, which DH group is being applied (“g1”, “g2” or “g5”).

* Encapsulation: Indicates whether the ESP (“esp”) protocol is being used for encryption and authentication, or just the AH (“ah”) protocol, which provides authentication only.

* Encryption: Indicates the encryption algorithm (“DES”, “3DES” or “AES”)

* Authentication: Indicates the hash algorithm (“MD5” or “SHA1”)

Values:
--------
(nopfs|g1|g2|g5)   (ESP|AH)    (DES|3DES|AES)    (MD5|SHA1)

Examples of a Phase 2 proposal include:
---------------------------------------
* nopfs-esp-des-md5
* g1-ah-null-sha1
* And the de facto standard: g2-esp-3des-sha1
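
A small checker for the naming scheme described above, added here as an illustration; it is not part of the original post or of any Juniper tooling. The function names, the accepted AES key-size suffixes and the weak-component policy are assumptions of this example.

```python
import re

# Field grammar follows the "Values" lines above. "aes128" and "null" come
# from the post's examples; the other AES key sizes are an assumption.
CIPHER = r"des|3des|aes(?:128|192|256)?"
PHASE1 = re.compile(rf"^(pre|dsa|rsa)-(g1|g2|g5)-({CIPHER})-(md5|sha1)$")
PHASE2 = re.compile(rf"^(nopfs|g1|g2|g5)-(esp|ah)-({CIPHER}|null)-(md5|sha1)$")

# Review policy assumed for this example (not a Juniper default).
WEAK = {
    "des": "56-bit DES encryption",
    "md5": "MD5 hash",
    "g1": "768-bit Diffie-Hellman group 1",
    "nopfs": "no perfect forward secrecy",
}

def parse_proposal(name):
    """Return (phase, fields) for a proposal name, or raise ValueError."""
    text = name.strip().lower()
    layouts = (
        (1, PHASE1, ("method", "dh_group", "encrypt", "auth")),
        (2, PHASE2, ("pfs", "encapsulation", "encrypt", "auth")),
    )
    for phase, pattern, keys in layouts:
        match = pattern.match(text)
        if match:
            fields = dict(zip(keys, match.groups()))
            # AH authenticates only, so it cannot carry a cipher.
            if fields.get("encapsulation") == "ah" and fields["encrypt"] != "null":
                raise ValueError(f"{name}: AH cannot be combined with a cipher")
            return phase, fields
    raise ValueError(f"{name}: not a valid Phase 1 or Phase 2 proposal name")

def audit(name):
    """List the weak components found in one proposal name."""
    _, fields = parse_proposal(name)
    return [f"{k}={v}: {WEAK[v]}" for k, v in fields.items() if v in WEAK]

if __name__ == "__main__":
    # Proposal names taken from the examples in this post.
    for proposal in ("pre-g1-des-md5", "rsa-g5-aes128-md5", "pre-g2-3des-sha1",
                     "nopfs-esp-des-md5", "g1-ah-null-sha1", "g2-esp-3des-sha1"):
        print(proposal, "->", audit(proposal) or "no weak components flagged")
```

The WEAK table covers only the clearest cases; extend it to match the baseline you audit against.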
