IKE_AUTH: negotiates security parameters to protect production traffic (CHILD_SA).SK_d (derivation): handed to IPSec to generate encryption and optionally authentication keys for production traffic.SK_a (authentication): computed for each direction (one for outbound and one for inbound) to hash (using HMAC) IKE_AUTH messages.SK_e (encryption): computed for each direction (one for outbound and one for inbound) to encrypt IKE_AUTH messages.
Also creates a seed key (known as SKEYSEED) where further keys are produced:.IKE_SA_INIT: negotiate security parameters to protect the next 2 messages (IKE_AUTH).Understanding IPSec IKEv1 negotiation on Wireshark 1 The Big Picture
0 kommentar(er)
