Other IPSec Encryption Standards
IPSec employs several different technologies to provide a
complete system of confidentiality, integrity, and authenticity. These
technologies are as follows:
- Message Digest 5 (MD5): A hash algorithm used to authenticate packet data.
- Secure Hash Algorithm-1 (SHA-1): A hash algorithm used to authenticate packet data.
- Diffie-Hellman (DH): A key exchange standard that allows two parties to establish a shared secret key to be used by encryption algorithms.
- Rivest, Shamir, and Adleman Signatures (RSA): A public-key cryptographic system used for authentication.
- Internet Key Exchange (IKE): A hybrid protocol that provides setup utility services for IPSec, including authentication of the IPSec peers, negotiation of IKE and IPSec security associations (SAs), and establishment of keys for encryption algorithms used by IPSec.
- Certificate authority (CA): Cisco router and PIX Firewall support of CAs allows the IPSec-protected network to scale by providing the equivalent of a digital ID card for each device.

Note: Internet Security Association Key Management Protocol (ISAKMP) is synonymous with IKE in Cisco router or PIX Firewall configuration commands. The keyword ISAKMP is always used instead of IKE.
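
On a device, the technologies listed above show up as sub-commands of an ISAKMP policy. The following Python example is added here and is not from the original page or from Cisco: it parses the crypto isakmp policy blocks of a constructed sample configuration and names the hash, Diffie-Hellman group, and authentication method each policy relies on. The function names are hypothetical, and the defaults applied to omitted lines are an assumption based on classic IOS behaviour.

```python
import re

# Assumed classic IOS defaults: lines left out of a policy take these values.
DEFAULTS = {"hash": "sha", "authentication": "rsa-sig", "group": "1"}
HASH_NAMES = {"md5": "MD5", "sha": "SHA-1"}
AUTH_NAMES = {"rsa-sig": "RSA signatures (CA-issued certificates)",
              "pre-share": "pre-shared key"}

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 encryption 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp policy 20
 group 5
!
crypto isakmp key EXAMPLE-KEY address 192.0.2.1
"""

def parse_isakmp_policies(config):
    """Return {priority: settings} for every 'crypto isakmp policy' block."""
    policies, current = {}, None
    for line in config.splitlines():
        header = re.match(r"crypto isakmp policy (\d+)\s*$", line)
        if header:
            current = policies.setdefault(int(header.group(1)), dict(DEFAULTS))
        elif current is not None and line.startswith(" "):
            # Indented sub-command of the current policy: "<keyword> <value>".
            keyword, _, value = line.strip().partition(" ")
            if keyword in DEFAULTS:
                current[keyword] = value.strip()
        else:
            current = None  # "!" or any other top-level line ends the block
    return policies

def describe(settings):
    """Name the technologies a policy relies on, using the terms in the list."""
    return [HASH_NAMES.get(settings["hash"], settings["hash"]),
            "Diffie-Hellman group " + settings["group"],
            AUTH_NAMES.get(settings["authentication"], settings["authentication"])]

if __name__ == "__main__":
    for priority, settings in sorted(parse_isakmp_policies(SAMPLE_CONFIG).items()):
        print(priority, describe(settings))
```

Policy 20 sets only the DH group, so its hash and authentication method come from the assumed defaults; the pre-shared key line uses the isakmp keyword too but is not a policy block and is skipped.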