Elements and Options Supported by Cisco Easy VPN Server
| Easy VPN is being rolled out in stages, and at this time, it supports some specific protocols and functions but not others. The following section details the protocols and functions that are supported. Authentication AlgorithmsAuthentication ensures that you know whom you are communicating with.
Authentication MethodsWhen not using Easy VPN, you have the ability to authenticate IPSec peers in one of three ways: preshared keys; Rivest, Shamir, and Adleman (RSA) signatures; and RSA encrypted nonces .
Diffie-Hellman GroupsThe Diffie-Hellman (D-H) algorithm provides the ability to establish a shared secret key over an insecure communication channel. There are a number of D-H groups that are identified by number.
IKE Encryption AlgorithmsEncryption provides the ability to turn cleartext data into ciphertext , thus rendering the data unreadable until decrypted by authorized devices or users.
IPSec Encryption AlgorithmsIPSec supports an additional encryption algorithm, NULL. However, even though Cisco refers to NULL as an encryption algorithm, it provides no confidentiality whatsoever.
IPSec ProtocolsIPSec has two main protocols, Authentication Header (AH) and Encapsulating Security Payload (ESP). In addition, IPSec also supports the Stacker compression based on the Lempel-Ziv algorithm.
IPSec ModesThe two tunnel types with IPSec are transport mode and tunnel mode.
 |
