Cisco Systems SM-ISM Video Gaming Accessories User Manual


 
Integrated Services Adapter and Integrated Services Module Installation and Configuration
OL-3575-01 B0
Chapter 1 Overview
Note: The Cisco 7100 series VPN routers do not support ISM and ISA in the same chassis. The Cisco 7100
series routers do not support online insertion and removal of the ISM.
The Cisco 7200 series routers do not support the ISM. The Cisco 7200 series routers support online
insertion and removal of the ISA.
Data Encryption Overview
The ISA and the ISM support IPSec, IKE, Microsoft Point-to-Point Encryption (MPPE), and
Certification Authority (CA) interoperability features, providing highly scalable remote access VPN
capabilities to Microsoft Windows 95/98/NT systems.
MPPE in conjunction with Microsoft’s Point-to-Point Tunneling Protocol (PPTP) provides security for
remote Microsoft Windows users by providing a tunneling capability, user-level authentication, and data
encryption.
Note: For more information on IPSec, IKE, MPPE, and CA interoperability, refer to the “IP Security and
Encryption” chapter in the Security Configuration Guide and Security Command Reference publications.
IPSec acts at the network level and is a framework of open standards developed by the Internet
Engineering Task Force (IETF) that provides security for transmission of sensitive information over
unprotected networks such as the Internet. IPSec services are similar to those provided by Cisco
Encryption Technology (CET). However, IPSec provides a more robust security solution and is
standards-based. IPSec also provides data authentication and antireplay services in addition to data
confidentiality services, whereas CET provides data confidentiality services only.
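
The antireplay service named above goes beyond what this overview spells out: in the IPSec RFCs it is a receiver-side sliding window over packet sequence numbers, which the code below implements. This is an added example, not code from the Cisco manual or the ISA/ISM; the class and function names, the 64-packet window, and the sample traffic are assumptions made for illustration.

```python
# Added example: IPSec-style anti-replay sliding window (receiver side).
# Assumption: 64-packet window; names and sample traffic are constructed.

class ReplayWindow:
    def __init__(self, size=64):
        self.size = size
        self.top = 0      # highest sequence number accepted so far
        self.bitmap = 0   # bit i set => sequence number (top - i) already seen

    def check(self, seq):
        """Return True if seq may proceed to integrity verification."""
        if seq == 0:
            return False                        # sequence numbers start at 1
        if seq > self.top:
            return True                         # to the right of the window
        offset = self.top - seq
        if offset >= self.size:
            return False                        # too old: left of the window
        return not (self.bitmap >> offset) & 1  # reject if already seen

    def update(self, seq):
        """Record seq; call only after the packet has authenticated."""
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)


def receive(window, packets):
    """packets: iterable of (seq, icv_ok); returns a list of (seq, verdict)."""
    verdicts = []
    for seq, icv_ok in packets:
        if not window.check(seq):
            verdicts.append((seq, "drop-replay"))
        elif not icv_ok:
            # A forged packet must never advance the window.
            verdicts.append((seq, "drop-auth"))
        else:
            window.update(seq)
            verdicts.append((seq, "accept"))
    return verdicts


# Constructed traffic: reordering, a replay, a forgery, and a stale packet.
SAMPLE = [(1, True), (3, True), (2, True), (3, True), (500, False),
          (4, True), (100, True), (36, True), (37, True), (100, True)]

if __name__ == "__main__":
    for seq, verdict in receive(ReplayWindow(), SAMPLE):
        print(seq, verdict)
```

The window only moves after a packet authenticates, so the forged packet with sequence number 500 cannot push legitimate traffic out of the window.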
Cisco implements the following standards with data encryption:
• IPSec—IPSec is a framework of open standards that provides data confidentiality, data integrity, and
  data authentication between participating peers. IPSec provides these security services at the IP
  layer; it uses IKE to handle negotiation of protocols and algorithms based on local policy, and to
  generate the encryption and authentication keys to be used by IPSec. IPSec can be used to protect
  one or more data flows between a pair of hosts, between a pair of security gateways, or between a
  security gateway and a host.
  IPSec is documented in a series of Internet Drafts. The overall IPSec implementation is documented
  in RFC 2401 through RFC 2412 and RFC 2451.
• IKE—Internet Key Exchange (IKE) is a hybrid security protocol that implements Oakley and Skeme
  key exchanges inside the Internet Security Association and Key Management Protocol (ISAKMP)
  framework. Although IKE can be used with other protocols, its initial implementation is with the
  IPSec protocol. IKE provides authentication of the IPSec peers, negotiates IPSec security
  associations, and establishes IPSec keys. IPSec can be configured without IKE, but IKE enhances
  IPSec by providing additional features, flexibility, and ease of configuration for the IPSec standard.
The Microsoft Point-to-Point Encryption (MPPE) protocol is an encryption technology that provides
encryption across point-to-point links. These links may use Point-to-Point Protocol (PPP) or
Point-to-Point Tunneling Protocol (PPTP).
The ISA and the ISM support MPPE when encapsulation is set to PPP or PPTP.