Hi,
1. PSK is for authentication. You need separate keys for the remaining phase
I exchange (integrity + encryption) + to derive keys for IPSec.
2. Yes, partially.
3. Group 1 on IOS and group 2 on the ASA, I believe.
Cheers,
Piotr
On Tue, Jun 8, 2010 at 3:25 PM, ehtesham ali <conect2ehtesham_at_gmail.com> wrote:
> Hi experts,
> I need to ask a few questions about the Diffie-Hellman process of deriving a shared
> secret key.
>
> 1) R1---------------------R2 are trying to peer with each other using IPsec,
> let's say both use cisco as a password (pre-shared key).
> Since we already have a pre-shared key for encryption, why do I need the DH
> process again to derive the SHARED SECRET KEY?
>
> 2) Is the SHARED SECRET key derived from the pre-shared key?
>
> 3) For a site-to-site and remote access tunnel, what is the default DH group
> no.?
>
>
> Thanks
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
Received on Tue Jun 08 2010 - 16:15:41 ART
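
Added example (not part of the original thread, and not Cisco's code): the IKEv1 phase 1 key derivation for pre-shared-key authentication as defined in RFC 2409 section 5, showing that SKEYID is seeded by the PSK and nonces while the encryption, integrity and IPsec keying material also mix in the Diffie-Hellman secret. Assumptions: HMAC-SHA1 as the negotiated prf, Oakley Group 2, random constructed nonces and cookies, and hypothetical function names.

```python
import hashlib
import hmac
import secrets

# 1024-bit MODP prime of Oakley Group 2 (RFC 2409 section 6.2); generator is 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF", 16)
G = 2

def prf(key: bytes, data: bytes) -> bytes:
    """IKEv1 prf: HMAC of the negotiated hash (SHA-1 assumed here)."""
    return hmac.new(key, data, hashlib.sha1).digest()

def dh_keypair():
    """Fresh private exponent and public value for one negotiation."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def ike_keys(psk, ni, nr, g_xy, cky_i, cky_r):
    """RFC 2409 section 5 derivation for pre-shared-key authentication."""
    skeyid = prf(psk, ni + nr)           # PSK + nonces only: authentication
    tail = g_xy + cky_i + cky_r          # DH secret enters from here on
    d = prf(skeyid, tail + b"\x00")      # SKEYID_d: seeds the IPsec SA keys
    a = prf(skeyid, d + tail + b"\x01")  # SKEYID_a: ISAKMP integrity
    e = prf(skeyid, a + tail + b"\x02")  # SKEYID_e: ISAKMP encryption
    return {"SKEYID": skeyid, "SKEYID_d": d, "SKEYID_a": a, "SKEYID_e": e}

def negotiate(psk_r1: bytes, psk_r2: bytes):
    """One constructed exchange; returns the keys R1 and R2 each derive."""
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    cky_i, cky_r = secrets.token_bytes(8), secrets.token_bytes(8)
    x, gx = dh_keypair()
    y, gy = dh_keypair()
    size = (P.bit_length() + 7) // 8
    gxy_r1 = pow(gy, x, P).to_bytes(size, "big")  # R1 computes (g^y)^x
    gxy_r2 = pow(gx, y, P).to_bytes(size, "big")  # R2 computes (g^x)^y
    return (ike_keys(psk_r1, ni, nr, gxy_r1, cky_i, cky_r),
            ike_keys(psk_r2, ni, nr, gxy_r2, cky_i, cky_r))

if __name__ == "__main__":
    r1, r2 = negotiate(b"cisco", b"cisco")
    print("same PSK, both peers derive the same keys:", r1 == r2)
    again, _ = negotiate(b"cisco", b"cisco")
    print("same PSK, new session, new SKEYID_e:", r1["SKEYID_e"] != again["SKEYID_e"])
    r1, r2 = negotiate(b"cisco", b"cisc0")
    print("PSK mismatch, keys differ:", r1 != r2)
```
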
This archive was generated by hypermail 2.2.0 : Sun Aug 01 2010 - 09:11:37 ART