[Figure: GRE tunnel between two gateways across the Internet, connecting customer sites 10.1.0.0/16 and 10.2.0.0/16. Each gateway has interfaces serial 0/0, tunnel 0 and e0; the serial addresses are 20.1.1.1 and 30.1.1.1. Packet layout: delivery header 20.1.1.1/30.1.1.1, GRE, 10.1.1.1/10.2.1.1.]
[Figure: packet flow through the GRE tunnel in numbered steps (1) to (9), between interfaces e0, s0 and Tunnel0 of each router. Packet labels: 10.1.1.1/10.2.1.1; 20.1.1.1/30.1.1.1 [10.1.1.1/10.2.1.1] (IP, GRE).]

Routing table of R2
10.2.0.0/16 e0
30.1.1.1/30 s0
10.2.0.0/16 tunnel0
0.0.0.0/0 s0

Routing table of R1
10.1.0.0/16 e0
20.1.1.1/30 s0
10.2.0.0/16 tunnel0
0.0.0.0/0 s0
[Figure: Routing updates (subnets of 10.0.0.0/8) between 10.1.0.0/16 and 10.2.0.0/16. Packet labels: 10.1.1.1/10.2.1.1; 20.1.1.1/30.1.1.1 Ipsec_protected 10.1.1.1/10.3.1.1; 10.1.1.1/10.3.1.1.]
[Figure labels:]
-Authentication
-Cipher suite negotiation
-Keys generation
Encryption, MIC & Compression
Fragment (Compressed)
Write/read MAC secret
Write/read Key
ICV
Key generation
Key_block = PRF(Master_secret, “key expansion”, Ns+Nc)
Client Server
Client Hello: session ID, Nc, cipher suite list, compression alg. list
Server Certificate O+
Key Exchange: Signature O+
Certificate request O-
Client Server
O- Client Certificate
Key exchange
Application Data
Client Server
Client Hello: session ID, Nc
Server Hello: Ns
Generate keys
Generate keys
Change cipher spec
Finished
Change cipher spec
Finished
Data
[Figure: Client and Server, each with its Current states.]