Specifications
VPN and the IPsec Protocol
108 AVM Access Server – 6 AVM Access Server for Experts
Architecture of the filter profiles
6.7 VPN and the IPsec Protocol
The AVM Access Server incorporates a complete implementation of
IPsec in conformance with the standards. Its features include:
AES, DES and 3DES encryption
payload compression with IPComp
authentication with MD5, SHA-1
authentication using pre-shared keys
XAuth and IKE mode configuration
Negotiation of an IPsec connection takes place using the “Internet Key
Exchange” (IKE) protocol. IKE negotiation results in a set of security pa-
rameters used in common with the remote site, known as a “security
association” (SA). IKE negotiation takes place in two phases. The first
phase is concerned primarily with authentication and with obtaining a
key for encrypted communication in Phase 2. Phase 1 generally yields
exactly one SA.
Global input filter
Masquerading/NAT
Upper incoming
filter profile
IPSec Decryption
ISDN / ADSL / GSM /
LAN
Global output filter
Masquerading/NAT
Upper outgoing
filter profile
IPSec Encryption
ISDN / ADSL / GSM /
LAN
Global forwarding
filter
Accept
Accept
Decrypted
data
Lower incoming
filter profile
Lower outgoing
filter profile