Hi all A question which is totally out of the CCIE's scope but if any one has inputs, please provide.
As you all know that GDOI messages are protected by ISAKMP Phase 1. The ISAKMP Phase 1 generates the following: SKEYID_a which authenticates the ISAKMP Phase 1 messages SKEYID_e which encrypts the ISAKMP Phase 1 messages SKEYID_d which is used to derive the keying materials for IPSec GDOI uses two keys TEK and KEK. Is SKEYID_e used to derice the keying material for KEK and TEK? Please don't ask me to refer RFC 3547, I went through it :-) With regards Kings
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
