Thanks for the answer.
Just to further clarify, do you mean the KEK is the one that the GMs obtained
during the DH stage of ISAKMP?
Or are we getting 5 different keys:
1) shared secret key (ISAKMP)
2) pub key
3) priv key
4) KEK
5) TEK
If we are not getting 5 different keys, then kindly clarify which keys are
overlapping.
On Thu, Nov 18, 2010 at 7:53 AM, Tyson Scott <tscott_at_ipexpert.com> wrote:
> the PUB key of the key server is used to identify the server to the group
> members during rekey
>
> *KEK is used between the GM's and the Key server. Comparable to ISAKMP
> Phase 1*
>
> TEK, comparable to Phase 2, is sent to the GM's from the KS's to keep the
> proxy identities consistent thus maintaining an accurate encryption domain.
>
> Regards,
>
> Tyson Scott - CCIE #13513 R&S, Security, and SP
> Managing Partner / Sr. Instructor - IPexpert, Inc.
> Mailto: tscott_at_ipexpert.com
>
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> ehtesham ali
> Sent: Wednesday, November 17, 2010 7:29 PM
> To: ccielab_at_groupstudy.com
> Subject: Re: unable to get GET !!plz help
>
> Kindly note that I am not using any certificates for the ISAKMP tunnel, i.e.
> my ISAKMP tunnel is only based on a pre-shared key.
>
> On Thu, Nov 18, 2010 at 5:51 AM, ehtesham ali
> <conect2ehtesham_at_gmail.com> wrote:
>
> > Hi group, really confused with the different keys used in GET VPN.
> >
> > My understanding:
> > * Initial protection is provided by the ISAKMP tunnel, where the GMs
> > download the KEK, TEK and ACL.
> >
> > * Now when a GM talks to another GM, he will use the TEK, which is common
> > for all. Sounds like a symmetric key.
> >
> > * ISAKMP vanishes, the TEK key refreshment timer expires, and now the next
> > TEK is encrypted with the KEK and pushed by the key server.
> >
> > Questions:
> >
> > Where I am confused: when will the KS and GMs use RSA private and public
> > keys?
> >
> > Is it that the KS uses the GMs' public keys to send the new TEK?
> >
> > As the TEK is refreshed periodically by encrypting it with the KEK, does
> > that mean the KEK remains the same, i.e. constant as downloaded from the
> > KS, and ONLY the TEK CHANGES?
> >
> > ---> Kindly tell me the application of private and public keys in a GDOI
> > environment.
> >
> > Thanks in advance.
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Received on Thu Nov 18 2010 - 09:08:22 ART
This archive was generated by hypermail 2.2.0 : Sun Dec 05 2010 - 22:14:56 ART