This solution applies to all Barracuda Link Balancers
- Initial authentication
a. Shared secret (part of IKE)
b. LDAP, digital certificates, etc.
- Negotiation of VPN parameters
a. Encryption, key life cycle, etc.
- Protection of data
In the first phase, initial authentication takes place. Both endpoints confirm who they are. This can be done with LDAP, PKI, or by exchanging a shared secret, which is a hash of a pre-programmed password. When a shared secret is used, IKE (Internet Key Exchange) handles the negotiation over UDP port 500.
In phase two, the parameters of the VPN are negotiated. The two endpoints negotiate the encryption types, the security services (ESP, AH, or a combination of both), and how often encryption keys are created.
* ESP uses IP protocol 50 and AH uses IP protocol 51.
In phase three, the VPN is initialized and data is transferred securely.
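When a tunnel fails to come up, a common first check is whether the path between the endpoints passes all three traffic types named above. The following added example (not Barracuda code) classifies raw IPv4 packets as IKE, ESP or AH using only the UDP port and IP protocol numbers from this article; the function names and sample packets are constructed for illustration.

```python
import struct

# From the article: IKE uses UDP/500, ESP is IP protocol 50, AH is IP protocol 51.
IKE_UDP_PORT = 500
PROTO_UDP = 17
IPSEC_PROTOCOLS = {50: "ESP", 51: "AH"}


def classify_ipv4(packet: bytes) -> str:
    """Return 'IKE', 'ESP', 'AH', 'other' or 'malformed' for a raw IPv4 packet."""
    if len(packet) < 20:
        return "malformed"
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        return "malformed"
    proto = packet[9]
    if proto in IPSEC_PROTOCOLS:
        return IPSEC_PROTOCOLS[proto]
    if proto != PROTO_UDP:
        return "other"
    # Non-first fragments carry no UDP header, so ports cannot be read.
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return "other"
    if len(packet) < ihl + 8:
        return "malformed"
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return "IKE" if IKE_UDP_PORT in (sport, dport) else "other"


def build_ipv4(proto: int, payload: bytes, options: bytes = b"") -> bytes:
    """Build a constructed sample packet (checksum zero, documentation addresses)."""
    ihl_words = (20 + len(options)) // 4
    total = 20 + len(options) + len(payload)
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0, total, 0, 0,
                         64, proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return header + options + payload


def udp(sport: int, dport: int, data: bytes = b"") -> bytes:
    """Build a constructed UDP datagram (checksum zero)."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


# Constructed samples: one packet per traffic type the article names, plus DNS.
SAMPLES = {
    "ike": build_ipv4(PROTO_UDP, udp(500, 500, b"\x00" * 28)),
    "esp": build_ipv4(50, b"\x00" * 16),
    "ah": build_ipv4(51, b"\x00" * 12),
    "dns": build_ipv4(PROTO_UDP, udp(40000, 53)),
}
```

Seeing IKE packets in a capture but no ESP or AH usually means a device on the path permits UDP but drops the IP protocols that carry the protected data.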