ISAKMP and IPSec Rookie question

Discussion in 'Server Networking' started by Fredly, Jan 26, 2005.

  1. Fredly

    Fredly Guest

    I have a tech wanting to help implement a site-to-site VPN for us. He asked
    about our topology and then says

    "We will build an ISAKMP and IPSec policy once we have this information and
    forward you that policy so you can setup on your end"

    In English, what does that mean?

    I don't want to look totally in the dark...
     
    Fredly, Jan 26, 2005
    #1

  2. The links below will give you the gist of things. IPsec can be configured to
    secure traffic in tunnel mode between two gateways. I don't know exactly how
    your setup will be, whether it is between two routers or what. Generally you
    will need a way for both ends to authenticate to each other, which usually is
    a common pre-shared key [PSK] or computer certificate. After that each
    endpoint needs to know the IP address of the other endpoint, the local LAN
    subnet at the other end of the tunnel, possibly a SID, and the encryption and
    authentication protocols used, such as 3DES and SHA1 for ESP, which will be
    used to encrypt the data. Good luck. --- Steve

    http://www.microsoft.com/windows2000/techinfo/planning/security/ipsecsteps.asp
    http://support.microsoft.com/default.aspx?scid=kb;en-us;816514
     
    Steven L Umbach, Jan 26, 2005
    #2

  3. Fredly,

    An ISAKMP policy refers to the configuration settings used for the Main Mode
    or Phase 1 negotiation. During this phase of the negotiation the peer
    machines authenticate each other and exchange the security algorithms they
    want to use to set up a secure "channel" for the Phase 2 or Quick Mode
    negotiation.

    An IPsec policy refers to the configuration settings used for the Quick
    Mode/Phase 2 negotiation. During this phase the actual traffic is secured.

    As mentioned, these configuration settings are security-related
    settings, such as authentication method, encryption and integrity
    algorithms, etc.
     
    Louise Bowman [MSFT], Jan 27, 2005
    #3
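
Added example, not part of any post in this thread: a check that two gateways' policy sheets agree on the Phase 1 (ISAKMP) and Phase 2 (IPsec) settings and that each side's peer address and remote subnet mirror the other's local values. The field names, addresses and `dh_group` entry are constructed assumptions, and each side is assumed to offer a single proposal.

```python
import ipaddress

# Constructed policy sheet for gateway A; every value is sample data.
# The pre-shared key itself is deliberately not part of the sheet.
SITE_A = {
    "local_ip": "198.51.100.1", "peer_ip": "203.0.113.2",
    "local_subnet": "10.1.0.0/24", "remote_subnet": "10.2.0.0/24",
    "phase1": {"auth": "psk", "encryption": "3des", "hash": "sha1", "dh_group": 2},
    "phase2": {"protocol": "esp", "mode": "tunnel",
               "encryption": "3des", "integrity": "sha1"},
}

def mirror(sheet):
    """Build the sheet the other gateway should hold: same phases, swapped ends."""
    return {
        "local_ip": sheet["peer_ip"], "peer_ip": sheet["local_ip"],
        "local_subnet": sheet["remote_subnet"], "remote_subnet": sheet["local_subnet"],
        "phase1": dict(sheet["phase1"]), "phase2": dict(sheet["phase2"]),
    }

def compare_policies(a, b):
    """Return the mismatches between sheet a (site A) and sheet b (site B)."""
    net, problems = ipaddress.ip_network, []
    # Phase 1 (ISAKMP) and Phase 2 (IPsec) settings must be identical on both ends.
    for phase in ("phase1", "phase2"):
        for key in sorted(set(a[phase]) | set(b[phase])):
            if a[phase].get(key) != b[phase].get(key):
                problems.append(f"{phase}.{key}: {a[phase].get(key)!r} != {b[phase].get(key)!r}")
    for x, y, nx, ny in ((a, b, "A", "B"), (b, a, "B", "A")):
        # The address one side dials must be the other side's own address.
        if ipaddress.ip_address(x["peer_ip"]) != ipaddress.ip_address(y["local_ip"]):
            problems.append(f"{nx}.peer_ip != {ny}.local_ip")
        # The LAN one side calls remote must be the LAN the other calls local.
        if net(x["remote_subnet"]) != net(y["local_subnet"]):
            problems.append(f"{nx}.remote_subnet != {ny}.local_subnet")
    # Overlapping LANs leave the gateways unable to tell local from remote traffic.
    if net(a["local_subnet"]).overlaps(net(b["local_subnet"])):
        problems.append("local subnets overlap")
    return problems

if __name__ == "__main__":
    site_b = mirror(SITE_A)
    site_b["phase1"]["hash"] = "md5"          # constructed Phase 1 mismatch
    site_b["remote_subnet"] = "10.1.1.0/24"   # constructed typo in the remote LAN
    for line in compare_policies(SITE_A, site_b) or ["policies agree"]:
        print(line)
```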
