Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The quick mode security association is the second phase in a two-phase negotiation process. During the quick mode security negotiation phase, a security association (SA) is negotiated on behalf of the IPSec driver.
The IPSec devices exchange the following requirements for enhancing the security of the data transfer:
- The IPSec protocol (AH or ESP).
- The hash algorithm for data integrity and authentication. IPSec uses the following message authentication code (HMAC) algorithms:
Algorithm Description HMAC-MD5 Produces a 128-bit value. HMAC-SHA1 Produces a 160-bit value. While somewhat slower than HMAC-MD5, HMAC-SHA1 is more secure. - The algorithm for encryption, if it is requested (3DES or DES).
The following table shows the SA parameters for quick mode, in preferential order.
| Encryption | Integrity | Comments |
|---|---|---|
| 3DES | HMAC-MD5 | None. |
| 3DES | HMAC-SHA | None. |
| DES | HMAC-MD5 | None. |
| DES | HMAC-SHA | None. |
| - | HMAC-MD5 | Disabled by default. |
| - | HMAC-SHA | Disabled by default. |
See Also
Security Association | Main Mode Security Association
Send Feedback on this topic to the authors