Checking for Compatible Policies


If you have an IPSec router that will connect to many peers, you must have at least one compatible Phase 1 policy as well as one compatible Phase 2 policy. When IKE Phase 1 first begins, the initiator sends all of its available Phase 1 policies to the receiver. The receiver compares its own highest-priority policy against the initiator's highest-priority policy. If the two are compatible, that is, they match, those policies are used to create the IKE Phase 1 SA. If they do not match, the receiver checks its highest-priority policy against the initiator's second-highest-priority policy, and so on until a valid match is made. Exactly the same process takes place for IKE Phase 2 policies.
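The matching order described above can be modeled to audit which policy a hub router would end up using with each peer. This is an added example, not code from the book. It assumes that a match means identical encryption, hash, authentication and DH group values, that a lower priority number means higher priority, and that the receiver moves on to its next policy when its current one matches none of the initiator's. All policy values and peer names are constructed sample data.

```python
from typing import NamedTuple

class Policy(NamedTuple):
    priority: int      # assumption: lower number = higher priority
    encryption: str
    hash_alg: str
    auth: str
    dh_group: int

def compatible(a: Policy, b: Policy) -> bool:
    """Two policies match when every attribute except priority is identical."""
    return a[1:] == b[1:]

def negotiate(initiator, receiver):
    """Return (receiver_policy, initiator_policy) for the first match, else None."""
    for mine in sorted(receiver):          # receiver's highest priority first
        for theirs in sorted(initiator):   # against initiator's 1st, 2nd, ...
            if compatible(mine, theirs):
                return mine, theirs
    return None

# Constructed sample data: one hub with three Phase 1 policies, three peers.
HUB = [Policy(10, "aes-256", "sha", "pre-share", 5),
       Policy(20, "3des", "sha", "pre-share", 2),
       Policy(30, "des", "md5", "pre-share", 1)]

PEERS = {
    "branch-a": [Policy(10, "3des", "sha", "pre-share", 2),
                 Policy(20, "aes-256", "sha", "pre-share", 5)],
    "branch-b": [Policy(10, "des", "md5", "pre-share", 1)],
    "branch-c": [Policy(10, "aes-128", "sha", "rsa-sig", 5)],
}

def audit(hub, peers):
    """Map each peer to the hub policy priority it would negotiate, or None."""
    result = {}
    for name, proposals in peers.items():
        match = negotiate(proposals, hub)   # peer initiates, hub receives
        result[name] = match[0].priority if match else None
    return result

if __name__ == "__main__":
    for peer, prio in audit(HUB, PEERS).items():
        outcome = f"hub policy {prio}" if prio is not None else "no compatible policy, no SA"
        print(f"{peer}: {outcome}")
```

The output shows why the weakest policy left on a many-peer router matters: branch-b lands on hub policy 30 because that is the only one it proposes, while branch-c cannot build an SA at all.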



CCSP SECUR Exam Cram 2 (642-501)
ISBN: B000MU86IQ
Year: 2003
Pages: 291
Authors: Raman Sud
