APPENDIX E Supported VPN Standards

This appendix lists the VPN standards supported by PIX Firewall version . It contains the following sections:

- IPSec
- Internet Key Exchange (IKE)
- Certification Authorities (CA)

IPSec

IPSec—IP Security Protocol. IPSec is a framework of open standards that provides data confidentiality, data integrity, and data authentication between participating peers. IPSec provides these security services at the IP layer; it uses IKE to handle negotiation of protocols and algorithms based on local policy and to generate the encryption and authentication keys to be used by IPSec. IPSec can be used to protect one or more data flows between a pair of hosts, between a pair of security gateways, or between a security gateway and a host.

IPSec is documented in a series of Internet RFCs, all available at the following website: http

The overall IPSec implementation is guided by Security Architecture for the Internet Protocol (RFC 2401).

Internet Key Exchange (IKE)—A hybrid protocol that implements Oakley and SKEME key exchanges inside the Internet Security Association and Key Management Protocol (ISAKMP) framework. While IKE can be used with other protocols, its initial implementation is with the IPSec protocol. IKE provides authentication of the IPSec peers, negotiates IPSec security associations, and establishes IPSec keys.

IPSec as implemented in PIX Firewall supports the following additional standards:

AH—Authentication Header. A security protocol that provides data authentication and optional anti-replay services. AH is embedded in the data to be protected (a full IP datagram). The AH protocol (RFC 2402) allows for the use of various authentication algorithms; PIX Firewall has implemented the mandatory MD5-HMAC (RFC 2403) and SHA-HMAC (RFC 2404) authentication algorithms.

ESP—Encapsulating Security Payload. A security protocol that provides data privacy services and optional data authentication and anti-replay services. ESP .
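As an added illustration (not code from the PIX Firewall documentation), the following Python shows the two AH receiver-side services named above: the 96-bit truncated HMAC integrity check value of RFC 2403/2404, and a sliding anti-replay window in the style of RFC 2401. The key, the "authenticated data" bytes and the 64-entry window size are constructed assumptions for the example.

```python
import hashlib
import hmac

ICV_LEN = 12  # RFC 2403/2404: the AH ICV is the HMAC output truncated to 96 bits

def ah_icv(key: bytes, auth_data: bytes, alg: str = "md5") -> bytes:
    """HMAC-MD5-96 (RFC 2403) or HMAC-SHA-1-96 (RFC 2404) over the bytes AH
    authenticates: the IP header with mutable fields zeroed, the AH header
    with its ICV field zeroed, and the upper-layer payload."""
    digestmod = {"md5": hashlib.md5, "sha1": hashlib.sha1}[alg]
    return hmac.new(key, auth_data, digestmod).digest()[:ICV_LEN]

def verify_icv(key: bytes, auth_data: bytes, icv: bytes, alg: str = "md5") -> bool:
    """Constant-time comparison of a received ICV against a recomputation."""
    return hmac.compare_digest(ah_icv(key, auth_data, alg), icv)

class ReplayWindow:
    """Receiver-side anti-replay window (RFC 2401 style). Sequence numbers
    are 32-bit, start at 1 and only move the window forward; a number below
    the window or already marked in the bitmap is rejected as a replay."""
    def __init__(self, size: int = 64):   # 64 is an assumed window size
        self.size = size
        self.top = 0          # highest sequence number accepted so far
        self.bitmap = 0       # bit i set => sequence number (top - i) was seen

    def accept(self, seq: int) -> bool:
        if seq == 0 or seq > 0xFFFFFFFF:
            return False                      # 0 is never a valid AH sequence number
        if seq > self.top:                    # new high-water mark: slide window up
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:
            return False                      # older than the window: drop
        if self.bitmap & (1 << offset):
            return False                      # already seen: replay
        self.bitmap |= 1 << offset            # inside window and new: mark it
        return True

# Constructed sample input: a 16-byte key and a fake authenticated-data buffer
SAMPLE_KEY = bytes(range(16))
SAMPLE_DATA = b"\x45\x00" + b"\x00" * 18 + b"AH-protected payload"

def demo() -> bool:
    icv = ah_icv(SAMPLE_KEY, SAMPLE_DATA)
    intact = verify_icv(SAMPLE_KEY, SAMPLE_DATA, icv)
    tampered = verify_icv(SAMPLE_KEY, SAMPLE_DATA + b"x", icv)
    win = ReplayWindow()
    seen = [win.accept(s) for s in (1, 3, 2, 2, 100, 36, 37)]
    return intact and not tampered and seen == [True, True, True, False, True, False, True]
```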