Download Safari Books Online apps: Apple iOS | Android

Entire Site

Safari Books Online

    Free Trial

    Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.


    • Create BookmarkCreate Bookmark
    • Create Note or TagCreate Note or Tag
    • DownloadDownload
    • PrintPrint
    Share this Page URL
    Help

    14.7. Summary

    In this chapter, we took a quick look at the near-term future of IPsec. As we saw, the changes to AH and ESP are minimal, but IKE has been enhanced to make it both simpler and more flexible. IKEv2 is able to negotiate lists of address and port ranges, as well as type/code values for ICMP and IPv6 mobility header types.

    The IKEv2 protocol is reliable and uses two message exchanges, making the entire negotiation shorter. IKEv2 can negotiate an IKE SA and the first child SA in only four messages. Because the most common situation requires only these two SAs, we can normally establish an ESP VPN with only four IKE messages.


      

    You are currently reading a PREVIEW of this book.

                                                                                            

    Get instant access to over
    $1 million worth of books and videos.

      

    Start a Free Trial