IP Security (IPSec) 575
· SHA (Secure Hash Algorithm)--Another form of digital signature developed by the National Institute of Standards and Technology, this hash algorithm is used to authenticate packet data.
NOTE
IPSec uses Diffie-Hellman/Oakley algorithms, and Diffie-Hellman/Oakley uses the hash functions MD5 and SHA.
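The SHA bullet and the note say that IPSec authenticates packet data with a hash function keyed between the peers. The following added example (not code from the book or from Cisco) shows what that looks like in practice: AH and ESP compute an HMAC over the packet with MD5 or SHA-1 and carry only the first 96 bits as the Integrity Check Value (HMAC-MD5-96 in RFC 2403, HMAC-SHA-1-96 in RFC 2404). The key and packet bytes below are constructed for the demonstration; the receiver compares the ICV in constant time and drops any packet whose ICV does not match, whether a bit flipped in transit or the sender used a different key.

```python
import hmac
import hashlib

# IPSec AH and ESP authenticate packets with a keyed hash: HMAC-MD5-96 (RFC 2403)
# or HMAC-SHA-1-96 (RFC 2404). The full HMAC is computed and only the first
# 96 bits (12 bytes) are carried in the packet as the Integrity Check Value (ICV).
ICV_LEN = 12


def compute_icv(key: bytes, data: bytes, hash_name: str = "sha1") -> bytes:
    """Truncated HMAC over the authenticated bytes; hash_name is 'sha1' or 'md5'."""
    return hmac.new(key, data, hash_name).digest()[:ICV_LEN]


def protect(key: bytes, payload: bytes, hash_name: str = "sha1") -> bytes:
    """Sender side: append the ICV to the payload (ESP places it after the data)."""
    return payload + compute_icv(key, payload, hash_name)


def verify(key: bytes, wire: bytes, hash_name: str = "sha1"):
    """Receiver side: recompute the ICV and compare in constant time.
    Returns the payload on success, None if the packet or key does not match."""
    if len(wire) <= ICV_LEN:
        return None
    payload, icv = wire[:-ICV_LEN], wire[-ICV_LEN:]
    expected = compute_icv(key, payload, hash_name)
    if not hmac.compare_digest(expected, icv):
        return None
    return payload


def demo() -> dict:
    """Constructed sample: a good packet, a bit-flipped packet, and a wrong key."""
    key = bytes.fromhex("0b" * 20)             # constructed 160-bit authentication key
    payload = b"Hi There"                      # constructed packet contents
    wire = protect(key, payload)
    flipped = bytearray(wire)
    flipped[0] ^= 0x01                         # one bit changed in transit
    return {
        "accepted": verify(key, wire) == payload,
        "tampered_rejected": verify(key, bytes(flipped)) is None,
        "wrong_key_rejected": verify(b"\x00" * 20, wire) is None,
    }


if __name__ == "__main__":
    print(demo())
```

The key and message in `demo()` are the first HMAC test vector from RFC 2202, so the full (untruncated) SHA-1 output can be checked against the published value; the receiver's use of `hmac.compare_digest` rather than `==` is the check a practitioner should look for in any ICV verifier.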
Public Key Infrastructure
IPSec scalability, the ability to deploy large (greater than 100 nodes) IPSec networks, has been one of the greatest challenges facing early implementers of network-layer encryption. Digital certificate technology lets devices easily authenticate each other in a manner that scales to very large networks. Many organizations are currently implementing a public key infrastructure (PKI) to manage digital certificates across a wide variety of applications, including virtual private networks (VPNs), secure e-mail, secure Web access, and other applications that require security. Cisco's implementation of IPSec is interoperable with several leading PKI vendors.
Diffie-Hellman
This is the well-known and widely used algorithm for establishing session keys to encrypt data. (Oakley can be considered an enhanced Diffie-Hellman.) IPSec uses the Diffie-Hellman/Oakley mechanisms, a public-key method of key exchange, to let the end devices derive a common shared key dynamically rather than preconfiguring all the public/private key parameters on every router. The devices accomplish this by exchanging a set of numbers (their public values) from which each side computes the same shared key.
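The "complicated set of numbers" is each side's public value g^x mod p. The following added example (not code from the book or from Cisco) walks through the exchange with the 1024-bit MODP group that IKE calls Oakley group 2 in RFC 2409 (the prime is transcribed here and should be treated as an assumption of the example), then turns the agreed secret into key material the way IKE's signature-authenticated SKEYID does, prf(Ni_b | Nr_b, g^xy), with HMAC-SHA-1 standing in as the prf. Both peers end with identical keys while only the public values and nonces ever cross the wire; the peer's public value is range-checked before use, since 0, 1 and p-1 would force the shared secret into a handful of known values.

```python
import hashlib
import hmac
import secrets

# Oakley group 2 from RFC 2409: a 1024-bit MODP prime with generator 2,
# transcribed here for the example (treat the constant as an assumption).
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
    16,
)
G = 2


def generate_private(p: int = P) -> int:
    """Private exponent x chosen uniformly from [1, p-2]; never leaves the device."""
    return secrets.randbelow(p - 2) + 1


def public_value(x: int, p: int = P, g: int = G) -> int:
    """The number each side actually sends to its peer: g^x mod p."""
    return pow(g, x, p)


def valid_public_value(y: int, p: int = P) -> bool:
    """Reject 0, 1 and p-1, which would confine the shared secret to a tiny set."""
    return 1 < y < p - 1


def shared_secret(x: int, peer_y: int, p: int = P) -> int:
    """g^(xy) mod p, computed from our own x and the peer's g^y."""
    if not valid_public_value(peer_y, p):
        raise ValueError("peer public value out of range")
    return pow(peer_y, x, p)


def skeyid(ni: bytes, nr: bytes, gxy: int) -> bytes:
    """Key material in the style of IKE's signature-authenticated SKEYID
    (RFC 2409 section 5): prf(Ni_b | Nr_b, g^xy), with HMAC-SHA-1 as the prf."""
    return hmac.new(ni + nr, gxy.to_bytes(128, "big"), hashlib.sha1).digest()


def run_exchange() -> tuple:
    """Initiator and responder each pick a private x, swap public values and
    nonces in the clear, and derive the same SKEYID on both ends."""
    xi, xr = generate_private(), generate_private()
    yi, yr = public_value(xi), public_value(xr)                # sent over the wire
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)  # exchanged nonces
    key_i = skeyid(ni, nr, shared_secret(xi, yr))              # initiator's view
    key_r = skeyid(ni, nr, shared_secret(xr, yi))              # responder's view
    return key_i, key_r


def keys_agree() -> bool:
    """True when both peers derived identical 160-bit key material."""
    key_i, key_r = run_exchange()
    return key_i == key_r and len(key_i) == 20


if __name__ == "__main__":
    print("peers agree:", keys_agree())
```

Running the block prints `peers agree: True`. The same shape applies to the larger groups later added to IKE; only `P` changes, and the range check on the peer's value stays the same.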
Internet Key Exchange (IKE)
Routers need to be able to negotiate their neighbor relationships. Otherwise, all routers would need to have crypto map statements pointing to each other. That's where the Internet Key Exchange (IKE) comes in. IKE is the process of exchanging keys with IPSec. IKE enhances IPSec by providing additional features, flexibility, and ease of configuration for the IPSec standard, along with authenticating each peer in an IPSec transaction. IKE was formerly known as ISAKMP/Oakley and is a hybrid of three key exchange mechanisms:
· Oakley key exchange--Oakley is superior to Diffie-Hellman and uses modes to describe a series of key exchanges.
· Skeme key exchange--A key exchange protocol that provides anonymity with rapid key refreshment.
87200333.book Page 575 Wednesday, August 22, 2001 1:41 PM