This certification involved rigorous testing to verify that AIX's VPN capabilities meet tough ICSA security standards. The AIX operating system is an element of IBM's eNetwork Virtual Private Networks solutions that help provide safe, flexible and low-cost end-to-end-encrypted connections across the Internet and other public networks that otherwise would be vulnerable to hackers.
ICSA IP Sec 1.1 Certification
AIX Version 5.1 received certification in May 2003.
RFC Standards
The standards used are the documents produced by the IP Security group of the Internet Engineering Task Force (IETF). Most of the standards were promoted to RFC status in late 1998. The AIX IP Security version of IKE is compliant with the RFCs. The standards and draft standards currently in use, on which the design of the ISAKMP code is based, include:
ISAKMP
RFC2401: Security Architecture for the Internet Protocol
RFC2408: Internet Security Association & Key Management Protocol (ISAKMP)
RFC2407: The Internet IP Security Domain of Interpretation for ISAKMP
RFC2412: The resolution of ISAKMP with Oakley
draft-ietf-ipsec-pki-req-02e.txt: PKI Requirements for IP Security
draft-ietf-pkix-ipki-part1-11.txt: Internet X.509 Public Key Infrastructure Certificate and CRL Profile
Other related drafts include:
IPSEC
RFC2402: IP Authentication Header
RFC2406: IP Encapsulating Security Payload Header
Cipher-related
RFC 2104: HMAC: Keyed-Hashing for Message Authentication
RFC 2403: The Use of HMAC-SHA-1-96 within ESP and AH
RFC 2404: The Use of HMAC-MD5-96 within ESP and AH
RFC 2406: ESP with Cipher Block Chaining (CBC)
RFC 2405: The ESP DES-CBC Cipher Algorithm With Explicit IV
draft-ietf-ipsec-ciph-des3-00: The ESP Triple DES Transform
draft-ietf-ipsec-ciph-3des-expiv-00: The ESP 3DES-CBC Algorithm Using an Explicit IV
RFC 2410: The NULL Encryption Algorithm and Its Use With IPsec
The RFCs listed above may be obsoleted by new RFCs. The new RFCs can be found at: http://www.ietf.org.
The RFCs are dynamic and subject to interpretation. Our intent is to implement the necessary parts of the standard to interoperate in a heterogeneous environment.