2008-08-21 02:23:32
AH and ESP define encryption and authentication methods for IP payloads. IKE and ISAKMP manage the exchange of secret keys, authenticate the communicating parties, and manage their security associations (SAs). IKE dynamically generates and manages the secret cryptographic keys used to encrypt and authenticate IP packets. ISAKMP/Oakley allows a receiver to obtain a public key and authenticate a sender using digital certificates.
IPSec supports two encryption modes: Transport and Tunnel. In Transport mode, IPSec provides host-to-host security for a host running IPSec from HP or non-HP vendors. Transport mode encrypts only the data (payload) of each packet, leaving the header unencrypted. In Tunnel mode, IPSec implements tunnels to a gateway running IPSec from non-HP vendors. Tunnel mode encrypts both the header and the payload; the receiving IPSec-compliant device must decrypt each packet.
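
The following is an added example, not part of the original page, showing which bytes ESP leaves readable on the wire and which the cipher would cover in each mode. It assumes IPv4 without options, omits the cipher and integrity check value, and uses constructed addresses, SPI and payload; `ipv4_header` and `esp_layout` are hypothetical helper names.

```python
import socket
import struct

ESP_PROTO = 50   # IP protocol number for ESP
IPIP_PROTO = 4   # ESP Next Header value when the body is a whole IPv4 packet

def checksum(hdr: bytes) -> int:
    """Internet checksum (one's-complement sum of 16-bit words)."""
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Build a 20-byte IPv4 header (no options) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def esp_layout(packet: bytes, mode: str, spi: int, seq: int,
               gw_src: str = "", gw_dst: str = "") -> dict:
    """Split an ESP-protected packet into wire-visible and cipher-covered bytes."""
    ihl = (packet[0] & 0x0F) * 4
    inner_hdr, payload = packet[:ihl], packet[ihl:]
    if mode == "transport":
        # Original addresses stay in the clear; only the payload is covered.
        body, next_hdr = payload, inner_hdr[9]
        src = socket.inet_ntoa(inner_hdr[12:16])
        dst = socket.inet_ntoa(inner_hdr[16:20])
    elif mode == "tunnel":
        # The whole original packet is covered; gateways appear in a new header.
        body, next_hdr = packet, IPIP_PROTO
        src, dst = gw_src, gw_dst
    else:
        raise ValueError("mode must be 'transport' or 'tunnel'")
    pad_len = -(len(body) + 2) % 4   # pad so the trailer ends on a 4-byte boundary
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_hdr])
    covered = body + trailer         # what the ESP cipher would encrypt
    esp_hdr = struct.pack("!II", spi, seq)
    outer = ipv4_header(src, dst, ESP_PROTO, len(esp_hdr) + len(covered))
    return {"cleartext": outer + esp_hdr, "covered": covered}

# Constructed sample: 10.0.0.5 -> 192.168.1.9, protocol 6, opaque 11-byte payload
SAMPLE = ipv4_header("10.0.0.5", "192.168.1.9", 6, 11) + b"hello-ipsec"
```

In transport mode an on-path observer still learns the real endpoints from the cleartext header, while in tunnel mode only the gateway addresses are exposed.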