Chapter 18
Security at the Network Layer: IPSec
Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Objectives
❏ To define the architecture of IPSec
❏ To discuss the application of IPSec in transport and tunnel modes
❏ To discuss how IPSec can be used to provide only authentication
❏ To discuss how IPSec can be used to provide both confidentiality and authentication
❏ To define Security Association and explain how it is implemented for IPSec
❏ To define Internet Key Exchange and explain how it is used by IPSec.
Figure 18.1 TCP/IP Protocol Suite and IPSec
18-1 TWO MODES
IPSec operates in one of two different modes: transport mode or tunnel mode.
Topics discussed in this section:
18.1.1 Transport Mode
18.1.2 Tunnel Mode
18.1.3 Comparison
18.1.1 Transport Mode
In transport mode, IPSec protects what is delivered from the transport layer to the network layer.
Note: IPSec in transport mode does not protect the IP header; it only protects the information coming from the transport layer.
Figure 18.2 IPSec in transport mode
Figure 18.3 Transport mode in action
18.1.2 Tunnel Mode
In tunnel mode, IPSec protects the entire IP packet. It takes an IP packet, including the header, applies IPSec security methods to the entire packet, and then adds a new IP header.
Note: IPSec in tunnel mode protects the original IP header.
Figure 18.4 IPSec in tunnel mode
Figure 18.5 Tunnel mode in action
18.1.3 Comparison
Figure 18.6 Transport mode versus tunnel mode
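The following Python sketch is an added example, not part of the original slides: it wraps one constructed IPv4 packet in ESP (section 18.2.2) in both modes and returns what an on-path observer can still read without keys. The addresses, SPIs and keys are constructed, and the keystream cipher is a stand-in built from HMAC-SHA256 because the standard library has no block cipher; it is not a real ESP transform.

```python
import hashlib
import hmac
import socket
import struct

ESP_PROTO, TCP_PROTO, IPIP_PROTO = 50, 6, 4  # IANA protocol numbers


def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at 0 for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))


def _keystream_xor(key, seq, data):
    """Stand-in cipher (HMAC-SHA256 in counter mode), NOT a real ESP transform."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hmac.new(key, struct.pack("!II", seq, block), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[block:block + 32], pad))
    return bytes(out)


def esp_wrap(spi, seq, inner, next_header, enc_key, auth_key):
    """ESP header + encrypted (inner | padding | pad length | next header) + ICV."""
    pad_len = (-(len(inner) + 2)) % 4          # align the trailer to 4 bytes
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    header = struct.pack("!II", spi, seq)
    ciphertext = _keystream_xor(enc_key, seq, inner + trailer)
    # Integrity check value covers the ESP header and the ciphertext.
    icv = hmac.new(auth_key, header + ciphertext, hashlib.sha256).digest()[:16]
    return header + ciphertext + icv


def transport_mode(packet, spi, seq, enc_key, auth_key):
    """Keep the original IP header in clear; protect only the transport segment."""
    header, segment = packet[:20], packet[20:]
    esp = esp_wrap(spi, seq, segment, header[9], enc_key, auth_key)
    src, dst = socket.inet_ntoa(header[12:16]), socket.inet_ntoa(header[16:20])
    return ipv4_header(src, dst, ESP_PROTO, len(esp)) + esp


def tunnel_mode(packet, gw_src, gw_dst, spi, seq, enc_key, auth_key):
    """Protect the whole original packet, then add a new outer IP header."""
    esp = esp_wrap(spi, seq, packet, IPIP_PROTO, enc_key, auth_key)
    return ipv4_header(gw_src, gw_dst, ESP_PROTO, len(esp)) + esp


def observer_view(packet):
    """What is readable without keys: outer source, destination, protocol."""
    return (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]),
            packet[9])


def demo():
    enc_key, auth_key = b"E" * 32, b"A" * 32          # constructed keys
    segment = b"\x04\xd2\x00\x50" + b"GET /payroll"   # constructed TCP-like segment
    original = ipv4_header("10.1.0.5", "10.2.0.9", TCP_PROTO, len(segment)) + segment
    t = transport_mode(original, 0x1001, 1, enc_key, auth_key)
    u = tunnel_mode(original, "198.51.100.1", "203.0.113.1", 0x2001, 1,
                    enc_key, auth_key)
    return original, t, u


if __name__ == "__main__":
    _, t, u = demo()
    print("transport:", observer_view(t), len(t), "bytes")
    print("tunnel:   ", observer_view(u), len(u), "bytes")
```

In transport mode the observer still sees the real endpoints 10.1.0.5 and 10.2.0.9; in tunnel mode only the two gateway addresses are visible, at the cost of 20 extra bytes for the new IP header.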
18-2 TWO SECURITY PROTOCOLS
IPSec defines two protocols, the Authentication Header (AH) Protocol and the Encapsulating Security Payload (ESP) Protocol, to provide authentication and/or encryption for packets at the IP level.
Topics discussed in this section:
18.2.1 Authentication Header (AH)
18.2.2 Encapsulating Security Payload (ESP)
18.2.3 IPv4 and IPv6
18.2.4 AH versus ESP
18.2.5 Services Provided by IPSec
18.2.1 Authentication Header (AH)
Note: The AH protocol provides source authentication and data integrity, but not privacy.
Figure 18.7 Authentication Header (AH) protocol
18.2.2 Encapsulating Security Payload (ESP)
Note: ESP provides source authentication, data integrity, and privacy.
Figure 18.8 ESP
18.2.3 IPv4 and IPv6
IPSec supports both IPv4 and IPv6. In IPv6, however, AH and ESP are part of the extension header.
18.2.4 AH versus ESP
The ESP protocol was designed after the AH protocol was already in use. ESP does whatever AH does with additional functionality (privacy).
18.2.5 Services Provided by IPSec
Table 18.1 IPSec services
Figure 18.9 Replay window
18-3 SECURITY ASSOCIATION
Security Association is a very important aspect of IPSec. IPSec requires a logical relationship, called a Security Association (SA), between two hosts. This section first discusses the idea and then shows how it is used in IPSec.
Topics discussed in this section:
18.3.1 Idea of Security Association
18.3.2 Security Association Database (SAD)
18.3.1 Idea of Security Association
Figure 18.10 Simple SA
18.3.2 Security Association Database (SAD)
Figure 18.11 SAD
Table 18.2 Typical SA Parameters
Parameters Description
18-4 SECURITY POLICY
Another important aspect of IPSec is the Security Policy (SP), which defines the type of security applied to a packet when it is to be sent or when it has arrived. Before using the SAD, discussed in the previous section, a host must determine the predefined policy for the packet.
Topics discussed in this section:
18.4.1 Security Policy Database
Figure 18.12 Connection identifiers
Figure 18.13 Outbound processing
Figure 18.14 Inbound processing
18-5 INTERNET KEY EXCHANGE (IKE)
The Internet Key Exchange (IKE) is a protocol designed to create both inbound and outbound Security Associations.
Topics discussed in this section:
18.5.1 Improved Diffie-Hellman Key Exchange
18.5.2 IKE Phases
18.5.3 Phases and Modes
18.5.4 Phase I: Main Mode
18.5.5 Phase I: Aggressive Mode
18.5.6 Phase II: Quick Mode
18.5.7 SA Algorithms
Note: IKE creates SAs for IPSec.
Figure 18.15 IKE components
18.5.1 Improved Diffie-Hellman
Figure 18.16 Diffie-Hellman key exchange
Figure 18.17 Diffie-Hellman with cookies
Note: To protect against a clogging attack, IKE uses cookies.
Note: To protect against a replay attack, IKE uses nonces.
Note: To protect against a man-in-the-middle attack, IKE requires that each party shows that it possesses a secret.
18.5.2 IKE Phases
Note: IKE is divided into two phases: phase I and phase II. Phase I creates SAs for phase II; phase II creates SAs for a data exchange protocol such as IPSec.
18.5.3 Phases and Modes
Figure 18.18 IKE Phases
Figure 18.19 Main-mode or aggressive-mode methods
18.5.4 Phase I: Main Mode
Figure 18.20 Main mode, preshared secret-key method
Figure 18.21 Main mode, original public-key method
Figure 18.22 Main mode, revised public-key method
Figure 18.23 Main mode, digital signature method
18.5.5 Phase I: Aggressive Mode
Figure 18.24 Aggressive mode, preshared-key method
Figure 18.25 Aggressive mode, original public-key method
Figure 18.26 Aggressive mode, revised public-key method
Figure 18.27 Aggressive mode, digital signature method
18.5.6 Phase II: Quick Mode
Figure 18.28 Quick mode
18.5.7 SA Algorithms
Table 18.3 Diffie-Hellman groups
Table 18.4 Hash Algorithms
Table 18.5 Encryption algorithms
18-6 ISAKMP
The ISAKMP protocol is designed to carry messages for the IKE exchange.
Topics discussed in this section:
18.6.1 General Header
18.6.2 Payloads
18.6.1 General Header
Figure 18.29 ISAKMP general header
18.6.2 Payloads
Table 18.6 Payloads
Figure 18.30 Generic payload header
Figure 18.31 SA payload
Figure 18.32 Proposal payload
Figure 18.33 Transform payload
Figure 18.34 Key-exchange payload
Figure 18.35 Identification payload
Figure 18.36 Certification payload
Table 18.7 Certification types
Figure 18.37 Certification request payload
Figure 18.38 Hash payload
Figure 18.39 Signature payload
Figure 18.40 Nonce payload
Figure 18.41 Notification payload
Table 18.8 Notification types
Table 18.9 Status notification values
Figure 18.42 Delete payload
Figure 18.43 Vendor payload