Digi Connect IT 4 User Manual

Virtual Private Networks (VPN) IPsec
Digi Connect IT® 4 User Guide
IPsec
IPsec is a suite of protocols for creating a secure communication link—an IPsec tunnel—between a
host and a remote IP network or between two IP networks across a public network such as the
Internet.
IPsec data protection
IPsec protects the data being sent across a public network by providing the following:
Data origin authentication
Authentication of data to validate the origin of data when it is received.
Data integrity
Authentication of data to ensure it has not been modified during transmission.
Data confidentiality
Encryption of data sent across the IPsec tunnel to ensure that an unauthorized device cannot read
the data.
Anti-Replay
Authentication of data to ensure an unauthorized device has not injected it into the IPsec tunnel.
IPsec mode
The Connect IT 4 supports the Tunnel mode. With the Tunnel mode, the entire IP packet is encrypted
and/or authenticated and then encapsulated as the payload in a new IP packet. Transport mode is
not currently supported.
IPsec modes
IPsec can run in two different modes: Tunnel and Transport.
Tunnel
The entire IP packet is encrypted and/or authenticated and then encapsulated as the payload in a
new IP packet.
Transport
Only the payload of the IP packet is encrypted and/or authenticated. The IP header is left
untouched. This mode has limitations when using an authentication header, because the IP
addresses in the IP header cannot be translated (for example, with Network Address Translation
(NAT)), as it would invalidate the authentication hash value.
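The NAT limitation described above, as an added example that is not part of the Digi manual: a simplified authentication-header hash over an IPv4 header survives a routing hop (the TTL is excluded from the hash) but fails once a NAT device rewrites the source address, while a hash that does not cover the IP header (as with ESP, named here for contrast) is unaffected. Assumptions: the key, addresses and payload are constructed, HMAC-SHA-256 truncated to 128 bits stands in for the negotiated algorithm, and the AH header's own fields (SPI, sequence number) are left out of the hash input.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"  # constructed sample key, not from the manual
ICV_LEN = 16                   # assumption: HMAC-SHA-256 truncated to 128 bits

def ipv4_header(src, dst, ttl, payload_len, proto=51):
    """Build a 20-byte IPv4 header (protocol 51 = AH; checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def ah_icv(header, payload):
    """AH-style hash: IP header with mutable fields zeroed, then the payload."""
    h = bytearray(header)
    h[1] = 0                # DSCP/ECN may change in transit
    h[6:8] = b"\x00\x00"    # flags and fragment offset
    h[8] = 0                # TTL is decremented by every router
    h[10:12] = b"\x00\x00"  # header checksum
    # Source and destination addresses (bytes 12-19) stay in the hash input.
    return hmac.new(KEY, bytes(h) + payload, hashlib.sha256).digest()[:ICV_LEN]

def esp_icv(header, payload):
    """ESP-style hash: the IP header is deliberately not part of the input."""
    return hmac.new(KEY, payload, hashlib.sha256).digest()[:ICV_LEN]

def route_hop(header):
    """Ordinary forwarding: decrement the TTL."""
    h = bytearray(header)
    h[8] -= 1
    return bytes(h)

def nat_rewrite_source(header, new_src):
    """What a NAT device does: replace the source address."""
    h = bytearray(header)
    h[12:16] = socket.inet_aton(new_src)
    return bytes(h)

def demo():
    payload = b"constructed application data"
    sent = ipv4_header("192.168.1.10", "203.0.113.20", 64, len(payload))
    ah, esp = ah_icv(sent, payload), esp_icv(sent, payload)
    routed = route_hop(sent)
    natted = nat_rewrite_source(routed, "198.51.100.7")
    return {"ah_after_routing": hmac.compare_digest(ah_icv(routed, payload), ah),
            "ah_after_nat": hmac.compare_digest(ah_icv(natted, payload), ah),
            "esp_after_nat": hmac.compare_digest(esp_icv(natted, payload), esp)}
```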
Internet Key Exchange (IKE) settings
IKE is a key management protocol that allows IPsec to negotiate the security associations (SAs) that
are used to create the secure IPsec tunnel. Both IKEv1 and IKEv2 are supported.
SA negotiations are performed in two phases, known as phase 1 and phase 2.
Phase 1
In phase 1, IKE creates a secure authenticated communication channel between the device and the
peer (the remote device which is at the other end of the IPsec tunnel) using the configured pre-shared
key and the Diffie-Hellman key exchange. This creates the IKE SAs that are used to encrypt further IKE
communications.
For IKEv1, there are two modes for the phase 1 negotiation: Main mode and Aggressive mode. IKEv2
does not use these modes.
