IPSec and IKE [7:23599]
Can anyone please explain to me what is the difference between IPSec and IKE? I understand that IP Sec is just IP Security, which provides IP network layer encryption and authentication to end-to-end security on an infrastructure, but what's IKE? I read the Cisco MCNS book from Chapter 15 to 17 many times, yet I'm still very confused.

Any help will be greatly appreciated.

Best Regards,
Hunt

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23599&t=23599
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IPSec and IKE [7:23599]
I had the same problem as you before. The link below is what I think is the clearest one on this. Needs partner login though.

http://www.cisco.com/warp/customer/cc/so/neso/sqso/eqso/ipsec_wp.htm

CCIE Study Professional Checklist
http://www.geocities.com/berdde/

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23600&t=23599
RE: IPSec and IKE [7:23599]
In a nutshell,

IPSEC is an encryption methodology open standard. IPSEC SAs can be configured using IKE or manual keying. IKE saves time and manual work in hub and spoke configurations. It is an algorithm that uses policy to determine matching parameters with the other side. In the absence of IKE, you would have to configure each parameter manually on all participating routers and clients.

IKE is called phase I negotiation, which ensures that the peer is who it says it is.

-Keyur Shah-
CCIE# 4799 (Security; Routing and Switching)
CSS1,CCNA,CCDA,SCSA,SCNA,MCT,MCSE,MCP+I,MCP,CNI,MCNE,CNE,CNA
Hello Computers
"Say Hello to Your Future!"
http://www.hellocomputers.com
Toll-Free: 1.877.794.3556
International: 1.510.795.6815
Europe: +(44)20 7900 3011
Fax: 1.510.291.2250

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23630&t=23599
Re: IPSec and IKE [7:23599]
Lee-

I'm not sure if you realize that you're asking about a feature of IPSec. IKE stands for Internet Key Exchange and is a part of the Cisco IPSec process. I have a Cisco PDF from a class I took a year or so ago. Let me know if you are interested...

All the best !!!
Phil

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23672&t=23599
Re: IPSec and IKE [7:23599]
Personally speaking I am confused too. I am a CCSE and passed MCNS with perfect points on both on the IPSEC section and I still don't understand it perfectly. I can use the isakmp, crypto, and FW-1 commands effortlessly yet I really still don't know what the real difference is between IPSEC and IKE. I even read that like 70 page file from Cisco, deploying IPSec blah blah and I was just more confused. What I do really understand is ESP and AH. That is really clear and necessary to understand for transform sets.

Watch me get a perfect on this section tomorrow on the Advanced PIX and still not really have a clue!

Peace

Theo

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=24758&t=23599
Re: IPSec and IKE [7:23599]
Hello,

I want to know: I already have IPsec VPN connectivity with 2 different PIX 515s, can I have 1 more connection onto the same PIX 515? I mean these commands:

crypto ipsec transform-set TRANS_ESP_DES_SHA esp-des esp-md5-hmac
crypto ipsec transform-set vcustomer esp-3des esp-md5-hmac
crypto map fingerhut 1 ipsec-isakmp
crypto map fingerhut 1 match address 1
crypto map fingerhut 1 set peer a.b.c.d
crypto map fingerhut 1 set transform-set vcustomer
crypto map fingerhut 2 ipsec-isakmp
crypto map fingerhut 2 match address 2
crypto map fingerhut 2 set peer x.y.z.a
crypto map fingerhut 2 set transform-set vcustomer
crypto map fingerhut interface outside
isakmp enable outside
isakmp key address a.b.c.d netmask 255.255.255.255 no-xauth no-config-mode
isakmp key address x.y.z.a netmask 255.255.255.255 no-xauth no-config-mode
isakmp identity address
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash md5
isakmp policy 1 group 1
isakmp policy 1 lifetime 1000

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73411&t=23599
--
**Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com
RE: IPSec and IKE [7:23599]
I don't know about your PIX questions, but the difference between IKE and IPSec is easy. IKE is the key exchange protocol. It is used to pick a transform set to use, what encryption protocol, what key length, etc. It also is used to actually share the symmetric keys used in ESP (one of the IPSec methods). IPSec is the "data" channel, it is the protocol that is used to actually transmit data between two peers.

You can think of IKE as the control channel in FTP, and IPSec (AH and/or ESP) as the data channel.

Fred Reimer - CCNA
Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73419&t=23599
RE: IPSec and IKE [7:23599]
Vijay,

start with a list per dest lan:

access-list customerx permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0

then a map per dest lan:

crypto map fingerhut x ipsec-isakmp
crypto map fingerhut x match address customerx
crypto map fingerhut x set peer x.x.x.x
crypto map fingerhut x set transform-set vcustomer
crypto map fingerhut interface outside

ISAKMP:

isakmp key **NEWKEYNEWCUSTO** address x.x.x.x netmask 255.255.255.255 no-xauth no-config-mode

off the top of my hat

Martijn

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73467&t=23599
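
Added example, not part of any post in this thread: a small Python check that reads a PIX-style configuration like the ones quoted above and reports crypto map entries that lack an access-list, peer or transform-set, peers that have no isakmp key, and any use of DES, MD5 or Diffie-Hellman group 1. It goes slightly beyond the thread by flagging those algorithms, which are now considered too weak; the function name audit, the documentation-range peer addresses and the placeholder key are assumptions made for the example.

```python
# SAMPLE is constructed in the thread's syntax; the peers are documentation
# addresses and the key is a placeholder, none of them taken from the posts.
SAMPLE = """\
crypto ipsec transform-set vcustomer esp-3des esp-md5-hmac
crypto map fingerhut 1 ipsec-isakmp
crypto map fingerhut 1 match address 1
crypto map fingerhut 1 set peer 192.0.2.1
crypto map fingerhut 1 set transform-set vcustomer
crypto map fingerhut 3 ipsec-isakmp
crypto map fingerhut 3 match address customerx
crypto map fingerhut 3 set peer 198.51.100.7
crypto map fingerhut interface outside
isakmp key PLACEHOLDER-KEY address 192.0.2.1 netmask 255.255.255.255
isakmp policy 1 encryption 3des
isakmp policy 1 hash md5
isakmp policy 1 group 1
"""
FIELDS = {("match", "address"): "access-list", ("set", "peer"): "peer",
          ("set", "transform-set"): "transform-set"}
WEAK_IKE = {("encryption", "des"), ("hash", "md5"), ("group", "1")}
WEAK_ESP = {"esp-des", "esp-md5-hmac"}

def audit(config):
    """Return findings: IKE (isakmp) issues first, then per crypto map entry."""
    entries, transforms, keyed_peers, findings = {}, {}, set(), []
    for line in config.splitlines():
        t = line.split()
        if t[:3] == ["crypto", "ipsec", "transform-set"] and len(t) > 4:
            transforms[t[3]] = t[4:]            # IPsec (data channel) algorithms
        elif t[:2] == ["crypto", "map"] and len(t) > 4 and t[3].isdigit():
            entry = entries.setdefault((t[2], int(t[3])), {})
            if len(t) == 7 and (t[4], t[5]) in FIELDS:
                entry[FIELDS[t[4], t[5]]] = t[6]
        elif t[:2] == ["isakmp", "key"] and "address" in t[:-1]:
            keyed_peers.add(t[t.index("address") + 1])   # peer with an IKE key
        elif t[:2] == ["isakmp", "policy"] and tuple(t[3:5]) in WEAK_IKE:
            findings.append(f"isakmp policy {t[2]}: weak {t[3]} {t[4]}")
    for (name, seq), entry in sorted(entries.items()):
        tag = f"crypto map {name} {seq}"
        findings += [f"{tag}: missing {f}" for f in FIELDS.values() if f not in entry]
        peer = entry.get("peer")
        if peer and peer not in keyed_peers:
            findings.append(f"{tag}: no isakmp key for peer {peer}")
        algs = transforms.get(entry.get("transform-set"), [])
        findings += [f"{tag}: weak transform {a}" for a in algs if a in WEAK_ESP]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The isakmp lines are the IKE side of the configuration and the transform-set and crypto map lines are the IPsec side, so the findings fall into the same two groups the thread is trying to tell apart.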