What Are the Reference Standards and Protocols for the IPsec VPN?


The following standards and protocols are associated with the IPsec VPN:

  • RFC 4301: Security Architecture for the Internet Protocol

  • RFC 2403: The Use of HMAC-MD5-96 within ESP and AH

  • RFC 2409: The Internet Key Exchange (IKE)

  • RFC 2857: The Use of HMAC-RIPEMD-160-96 within ESP and AH

  • RFC 3566: The AES-XCBC-MAC-96 Algorithm and its use with IPsec

  • RFC 3625: More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)

  • RFC 3664: The AES-XCBC-PRF-128 Algorithm for the Internet Key Exchange Protocol (IKE)

  • RFC 3706: A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers

  • RFC 3748: Extensible Authentication Protocol (EAP)

  • RFC 3947: Negotiation of NAT-Traversal in the IKE

  • RFC 4109: Algorithms for Internet Key Exchange version 1 (IKEv1)

  • RFC 3948: UDP Encapsulation of IPsec ESP Packets

  • RFC 4305: Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH)

  • RFC 4306: Internet Key Exchange (IKEv2) Protocol

  • RFC 4307: Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2)

  • RFC 4322: Opportunistic Encryption using the Internet Key Exchange (IKE)

  • RFC 4359: The Use of RSA/SHA-1 Signatures within Encapsulating Security Payload (ESP) and Authentication Header (AH)

  • RFC 4434: The AES-XCBC-PRF-128 Algorithm for the Internet Key Exchange Protocol (IKE)

  • RFC 4478: Repeated Authentication in Internet Key Exchange (IKEv2)

  • RFC 5996: Internet Key Exchange Protocol Version 2 (IKEv2)

Other related questions:
Standard spanning tree protocols used on S series switch
S series switches (except S1700 switches) support the following standard spanning tree protocols: 1. STP: Spanning Tree Protocol 2. RSTP: Rapid Spanning Tree Protocol, compatible with STP 3. MSTP: Multiple Spanning Tree Protocol, compatible with STP and RSTP By default, S series switches use MSTP. When running a command to set STP mode, you can select STP, RSTP, or MSTP. VLAN-Based Spanning Tree (VBST) is a Huawei proprietary spanning tree protocol, which sets up a spanning tree for each VLAN, so traffic in different VLANs can be forwarded through different spanning trees.

Protocols and standards that Dorado V3 complies with
For protocols and standards that OceanStor Dorado5000 V3&Dorado6000 V3 storage system complies with, see: Standards Compliance.

InfiniBand protocols and standards supported by Huawei
Huawei InfiniBand interface modules currently support the fourteen data rate (FDR) and are compatible with the quad data rate (QDR). A single interface provides quadruple rate depending on whether FDR or QDR is used. The interface bandwidth is up to 56 Gbit/s. The upper-layer SRP is supported and the storage SCSI protocol can be used to provide SAN services. IPoIB will be supported later to provide NAS services. Communication management based on OpenSM is supported.

Which encryption communication protocols does IPSec support and what are their differences
IPSec supports Authentication Header (AH) and Encapsulating Security Payload (ESP) protocols. The differences between these protocols are: -AH: provides data origin authentication, data integrity check, and the anti-replay services. The sender performs the hash algorithm on the IP payload and all header fields of an IP packet except for variable fields to generate a message digest. The receiver recalculates the message digest according to the received IP packet and compares the two message digests to determine whether the IP packet has been modified during transmission. AH does not encrypt the IP payload. AH is applicable to transmit non-confidential data. -ESP: encrypts the IP payload in addition to providing all the functions of AH. ESP can encrypt and authenticate the IP payload but does not protect the IP packet header. ESP can be used to transmit confidential data. AH and ESP can be used independently or together. When AH and ESP are used together, ESP encapsulation and then AH encapsulation are performed on an IP packet to enhance security.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top