ISAKMP and IKE Security Guidance for ICA and Network Connections

Tariq Bin Azad, in Securing Citrix Presentation Server in the Enterprise, 2008

ISAKMP is used by IPsec as a key management system by combining the ISAKMP protocol and another protocol named IKE. IKE is used to centralize security association (SA) management and to generate and manage the secret shared keys that are used to secure data in transport.

Often, firewalls, proxy servers, and security gateways must be configured to allow IPsec and IKE traffic to be forwarded. If the packets are not encrypted, the firewall, proxy server, or security gateway can inspect the packet contents or the TCP and UDP ports. If any type of modification has been made to the contents of these packets, the receiving IPsec computer will detect the modification and discard the packets.

In Windows 2000, a major drawback of IPsec was that it could not be used when one of the communicating computers was behind a NAT system. That is because NAT changes the IP headers when it translates multiple internal private IP addresses to a single public external address (which it does so that many computers can access the Internet via one public address). NAT has been an important mechanism for addressing the growing shortage of available public IP addresses, which is a limitation of the IPv4 protocol currently used for most Internet communications.
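The NAT limitation described above can be reproduced with a simplified model. This is an added example, not code from the book or the original page: it assumes an AH-style integrity check value (ICV) that covers the IP addresses, uses a reduced header layout rather than the real wire format, and all keys and addresses are constructed.

```python
import hashlib
import hmac
import ipaddress
import struct

# Constructed key for the demo; in IPsec the shared key is negotiated by IKE.
KEY = b"constructed-sa-key-for-demo-only"

def build_header(src, dst, ttl=64, proto=51):
    """Reduced IPv4-like header: TTL, protocol, source, destination (not wire format)."""
    return struct.pack("!BB4s4s", ttl, proto,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def icv(header, payload, key=KEY):
    """AH-style ICV: the mutable TTL is zeroed, the addresses and payload are covered."""
    immutable = b"\x00" + header[1:]
    return hmac.new(key, immutable + payload, hashlib.sha256).digest()

def send(src, dst, payload):
    """Sender builds the packet and attaches the ICV."""
    header = build_header(src, dst)
    return {"header": header, "payload": payload, "icv": icv(header, payload)}

def route(packet):
    """Ordinary router hop: only the TTL changes, which the ICV ignores."""
    h = packet["header"]
    return {**packet, "header": bytes([h[0] - 1]) + h[1:]}

def nat(packet, public_src):
    """NAT rewrites the source address but has no SA key to recompute the ICV."""
    h = packet["header"]
    new_src = ipaddress.IPv4Address(public_src).packed
    return {**packet, "header": h[:2] + new_src + h[6:]}

def receive(packet):
    """Receiver recomputes the ICV; a mismatch means the packet is discarded."""
    expected = icv(packet["header"], packet["payload"])
    return hmac.compare_digest(packet["icv"], expected)

if __name__ == "__main__":
    pkt = send("192.168.1.10", "198.51.100.20", b"constructed payload")
    print("direct:      ", receive(pkt))
    print("after router:", receive(route(pkt)))
    print("after NAT:   ", receive(nat(pkt, "203.0.113.5")))
```
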