Hi group,
I have a few doubts on IPsec VPNs.
1) In shared secret key derivation, do the two parties depend on the
configured pre-shared key? I mean, does the Diffie-Hellman process depend on
the pre-shared key that is used for authentication?
2) If the DH process does not depend on the configured pre-shared key, then
how do the two parties end up with a common shared secret key?
3) In GET VPN with pre-shared key as the authentication method, why is there
a need to generate RSA keys (private and public key)? GDOI, KEK and
TEK are protected by the ISAKMP tunnel.
Just wanted to know how the TEK is refreshed. Does the KS send the TEK
(the second time, when the IKE tunnel ages out) by encrypting it with the
GM's public key?
4) When will the GM use the public key to encrypt the traffic? I feel the
TEK, which is common for all GMs, is used, which is like a symmetric key
(same key for encrypt and decrypt).
5) In GET VPN the TEK is continuously refreshed by the KS by encrypting it
with the KEK. Does that mean the KEK remains the same as downloaded from the KS?
Thanks in advance,
Received on Fri Oct 22 2010 - 20:52:45 ART