Gianluca Scuto wrote:
> 1) After IKE phase 1 (Main Mode), I have already accomplished the
> negotiations of encryption, hashing and authentication algorithms, the
> public keys and random numbers for D.-H. exchange and the authentication
> of the two parties (It's correct, isn't it?). The following Quick
> Mode phase 2 is needed only for refreshing keys, isn't it? To be clear,
> what is the scope of Quick Mode phase 2? What exactly do I need to
> send in the three messages of Quick Mode phase 2? Unfortunately,
> paragraph 5.5 of RFC 2409 is not so clear to me.
IIRC, in phase 2 the security associations (SA) for ESP/AH are
negotiated. If you use PFS, a new D.-H. process is used to generate the
keys used by ESP/AH. All that stuff is encrypted with the keys generated
in phase 1.
> 2) What does the ISAKMP header contain? What exactly are the cookies
> and the message ID in it?
Isn't that described in RFC 2408 - ISAKMP?
> 3) When can I start to send IP datagrams on my IPSec tunnel? After phase
> 1 or phase 2?
After Phase 2.
HTH
GTi
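
Added example, not part of the original thread: a parser for the fixed ISAKMP header asked about in question 2, which also uses the header to tell phase 1 from phase 2 traffic as described in the first answer. The field layout follows RFC 2408 section 3.1 and the Quick Mode exchange type follows RFC 2409; the function names are hypothetical, and the cookies, message ID and payload bytes in the sample datagrams are constructed.

```python
import struct

# Fixed ISAKMP header, RFC 2408 section 3.1: 28 bytes, network byte order.
# initiator cookie (8) | responder cookie (8) | next payload (1) | version (1)
# | exchange type (1) | flags (1) | message ID (4) | total length (4)
HEADER = struct.Struct("!8s8sBBBBII")
PHASE1_EXCHANGES = {2: "Main Mode", 4: "Aggressive Mode"}
QUICK_MODE = 32          # IKE exchange type defined in RFC 2409
FLAG_ENCRYPTED = 0x01    # payloads after the header are encrypted


def parse_header(datagram: bytes) -> dict:
    """Decode the fixed header; reject short or inconsistent datagrams."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    icookie, rcookie, nxt, ver, xchg, flags, msg_id, length = HEADER.unpack_from(datagram)
    if not HEADER.size <= length <= len(datagram):
        raise ValueError("length field does not match the datagram")
    return {"initiator_cookie": icookie.hex(), "responder_cookie": rcookie.hex(),
            "next_payload": nxt, "version": f"{ver >> 4}.{ver & 0x0F}",
            "exchange_type": xchg, "encrypted": bool(flags & FLAG_ENCRYPTED),
            "message_id": msg_id, "length": length}


def classify(hdr: dict) -> tuple:
    """Return (phase label, list of header inconsistencies)."""
    problems = []
    if hdr["exchange_type"] in PHASE1_EXCHANGES:
        if hdr["message_id"] != 0:
            problems.append("phase 1 message ID must be 0")
        return "phase 1: " + PHASE1_EXCHANGES[hdr["exchange_type"]], problems
    if hdr["exchange_type"] == QUICK_MODE:
        if hdr["message_id"] == 0:
            problems.append("Quick Mode needs a non-zero message ID")
        if not hdr["encrypted"]:
            problems.append("Quick Mode must be encrypted under the phase 1 SA")
        if hdr["responder_cookie"] == "00" * 8:
            problems.append("responder cookie unset: no phase 1 SA to run under")
        return "phase 2: Quick Mode", problems
    return "other", problems


# Constructed sample datagrams (cookies, message ID and payload bytes are made up).
MAIN_MODE_1 = HEADER.pack(bytes.fromhex("1122334455667788"), bytes(8), 1, 0x10, 2, 0, 0, 32) + bytes(4)
QUICK_MODE_1 = HEADER.pack(bytes.fromhex("1122334455667788"), bytes.fromhex("99aabbccddeeff00"),
                           8, 0x10, 32, FLAG_ENCRYPTED, 0x1A2B3C4D, 36) + bytes(8)

if __name__ == "__main__":
    for name, pkt in (("main mode #1", MAIN_MODE_1), ("quick mode #1", QUICK_MODE_1)):
        hdr = parse_header(pkt)
        print(name, hdr, classify(hdr))
```

The cookie pair identifies the phase 1 (ISAKMP) SA, while the message ID distinguishes the individual phase 2 exchanges that run under it.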
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:57 CEST