IKE Negotiates IPSec Settings

Authentication Method

IKE requires that two systems use the same authentication method to verify each other's identity. Intel® Packet Protect supports the following:

IPSec Settings

After IKE verifies the identity of each system, it negotiates which IPSec settings will protect the communication that follows. Intel Packet Protect comes with pre-defined IPSec options, or you can create your own.

Both systems must agree on the IPSec settings to use before IKE can establish a protected communication for data transfer.

Pre-defined IPSec Settings

Intel Packet Protect comes with pre-defined IPSec settings, called security actions. These security actions are designed for maximum compatibility between systems using Intel Packet Protect and other IPSec products.

A system that requests a protected communication proposes its IPSec settings to the system with which it is trying to communicate. The IPSec settings include a list of algorithm combinations that appear in order of preference. The other system must allow one of these defined algorithm combinations; otherwise, the communication is not allowed using IPSec.
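The proposal matching described above can be modelled in a few lines. This is an added example, not code from Intel Packet Protect; the Combo field names, the sample policies, and the rule that the first proposed combination the responder allows is the one selected are assumptions made for illustration.

```python
from typing import NamedTuple, Optional, Sequence

class Combo(NamedTuple):
    """One algorithm combination in a proposal (field names are assumptions)."""
    protocol: str    # "ESP" or "AH"
    encryption: str  # cipher name, or "none" for AH
    integrity: str   # hash used for authentication

def negotiate(proposed: Sequence[Combo], allowed: Sequence[Combo]) -> Optional[Combo]:
    """Return the first combination, in the requester's preference order,
    that the other system also allows; None means no IPSec communication."""
    allowed_set = set(allowed)
    for combo in proposed:
        if combo in allowed_set:
            return combo
    return None

def explain_failure(proposed: Sequence[Combo], allowed: Sequence[Combo]):
    """For a failed negotiation, pair each proposed combination with the
    closest allowed one and name the fields that differ."""
    if not allowed:
        return []
    report = []
    for p in proposed:
        # Closest = the allowed combination with the fewest differing fields.
        best = min(allowed, key=lambda a: sum(x != y for x, y in zip(p, a)))
        diffs = [f for f, x, y in zip(Combo._fields, p, best) if x != y]
        report.append((p, best, diffs))
    return report

# Constructed sample policies (not Intel Packet Protect's actual security actions).
INITIATOR = [Combo("ESP", "3DES", "SHA-1"),
             Combo("ESP", "DES", "MD5"),
             Combo("AH", "none", "SHA-1")]
RESPONDER_OK = [Combo("ESP", "DES", "MD5"), Combo("AH", "none", "SHA-1")]
RESPONDER_MISMATCH = [Combo("ESP", "3DES", "MD5")]

if __name__ == "__main__":
    print("matched:", negotiate(INITIATOR, RESPONDER_OK))
    print("mismatched:", negotiate(INITIATOR, RESPONDER_MISMATCH))
    for p, best, diffs in explain_failure(INITIATOR, RESPONDER_MISMATCH):
        print(f"  proposed {tuple(p)} vs allowed {tuple(best)}: differs in {diffs}")
```

The mismatch report shows that a single differing field, such as the integrity algorithm, is enough to prevent agreement even when the rest of the combination matches.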

Custom IPSec Settings

Although it is recommended that you use the pre-defined IPSec settings (security actions) that come with Intel Packet Protect, you can also create your own to meet your custom corporate security guidelines. If you create your own, keep in mind that two systems must agree on certain settings in order to communicate using IPSec.

Examples

The following diagram illustrates failed IKE negotiations due to mismatched settings.

The following diagram illustrates successful IKE negotiations due to matched settings.

More information: See Setting up Entrust Entelligence.


Copyright © 2000, Intel Corporation. All rights reserved.
