Manual

Security Gateway Overview

▀ Standards

▄ SecGW Administration Guide, StarOS Release 17

Standards

Compliant

 RFC 1853 – IP in IP Tunneling

 RFC 2401 – Security Architecture for the Internet Protocol

 RFC 2402 – IP Authentication Header

 RFC 2406 – IP Encapsulating Security Payload (ESP)

 RFC 2407 – The Internet IP Security Domain of Interpretation for ISAKMP

 RFC 2408 – Internet Security Association and Key Management Protocol (ISAKMP)

 RFC 2409 – The Internet Key Exchange (IKE)

 RFC 2410 – Internet X.509 Public Key Infrastructure Certificate Management Protocol (CMP)

 RFC 3280 – Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile

 RFC 3554 – On the Use of Stream Control Transmission Protocol (SCTP) with IPsec [Partially compliant,

ID_LIST is not supported.]

 RFC 4306 – Internet Key Exchange (IKEv2) Protocol

 RFC 4718 – IKEv2 Clarifications and Implementation Guidelines

 RFC 5996 – Internet Key Exchange Protocol Version 2 (IKEv2)

 Hashed Message Authentication Codes:

 AES 96

 MD5

 SHA1/SHA2

 X.509 Certificate Support – maximum key size = 2048

Non-compliant

Standards

 RFC 3173 – IP Payload Compression Protocol (IPComp)

 RFC 5723 – Internet Key Exchange Protocol Version 2 (IKEv2) Session Resumption

 RFC 5840 – Wrapped Encapsulating Security Payload (ESP) for Traffic Visibility

 RFC 5856 – Integration of Robust Header Compression over IPsec Security Associations