HP-UX IPSec version A.02.01 Administrator's Guide

Troubleshooting HP-UX IPSec
IPsec Operation
Chapter 7
2. Establish IKE SA
The two systems complete the establishment of the IKE SA. The IKE
SA is the “master” SA that the two systems use as a secure channel
to negotiate the SAs for AH and/or ESP packets. IKE supports two
methods, or exchange types, for establishing the IKE SA—Main
Mode and Aggressive Mode.
3. Establish IPsec SAs
Once an IKE SA is established, the two systems have a secure
channel for negotiating IPsec or Quick Mode SAs (IPsec SAs). The
IPsec SAs determine the HP-UX IPSec transformation(s) used (AH
and/or ESP), the encryption keys for AH/ESP and other parameters.
Two IPsec SAs are established: one for packets from the local system
to the remote system and one for packets from the remote system to
the local system.
Note that one IKE SA can be used to negotiate multiple pairs of IPsec
SAs.
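The pairing rule above (one inbound and one outbound IPsec SA per negotiation, with several pairs possible under one IKE SA) can be checked mechanically when troubleshooting. The following is an added example, not code from the HP-UX IPSec product or this guide. The record layout, the `ike-N` identifiers, the addresses and the SPIs are constructed for illustration and do not represent the output format of any HP-UX IPSec utility.

```python
from collections import defaultdict

# Constructed sample records (hypothetical layout, not real tool output):
# (ike_sa_id, direction, local_addr, remote_addr, spi, transform)
SAMPLE_SAS = [
    ("ike-1", "out", "10.1.1.1", "10.2.2.2", 0x1A2B3C01, "ESP"),
    ("ike-1", "in",  "10.1.1.1", "10.2.2.2", 0x5D6E7F02, "ESP"),
    ("ike-1", "out", "10.1.1.1", "10.2.2.2", 0x1A2B3C03, "AH"),
    ("ike-1", "in",  "10.1.1.1", "10.2.2.2", 0x5D6E7F04, "AH"),
    ("ike-2", "out", "10.1.1.1", "10.3.3.3", 0x0BADC0DE, "ESP"),  # no inbound mate
]


def audit_sa_pairs(records):
    """Group IPsec SAs under their IKE SA and report direction mismatches.

    Returns (pairs_per_ike, unpaired):
      pairs_per_ike  maps each IKE SA id to the number of complete in/out pairs
      unpaired       lists (ike_id, local, remote, transform, missing_direction)
    """
    counts = defaultdict(lambda: {"in": 0, "out": 0})
    for ike_id, direction, local, remote, spi, transform in records:
        if direction not in ("in", "out"):
            raise ValueError(f"bad direction {direction!r} for SPI {spi:#010x}")
        counts[(ike_id, local, remote, transform)][direction] += 1

    pairs_per_ike = defaultdict(int)
    unpaired = []
    for key, c in sorted(counts.items()):
        # A usable pair needs one SA in each direction.
        pairs_per_ike[key[0]] += min(c["in"], c["out"])
        if c["in"] != c["out"]:
            missing = "in" if c["in"] < c["out"] else "out"
            unpaired.append((*key, missing))
    return dict(pairs_per_ike), unpaired


if __name__ == "__main__":
    pairs, unpaired = audit_sa_pairs(SAMPLE_SAS)
    for ike_id, n in pairs.items():
        print(f"{ike_id}: {n} complete IPsec SA pair(s)")
    for ike_id, local, remote, transform, missing in unpaired:
        print(f"{ike_id}: {transform} {local} <-> {remote} lacks an '{missing}' SA")
```
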