Intoto’s iGateway VPN technology includes IPsec as well as IKE that is used for automatic key negotiation. iGateway VPN provides data confidentiality, authenticity and data integrity by encrypting the data using DES, 3DES and AES. Authentication mechanisms used during the VPN setup allow only authorized remote or mobile users to access corporate networks. With VPNC certification, it guarantees interoperability with leading VPN solutions deployed in the marketplace. Intoto was one of the first vendors to obtain IPsec certification against the latest 1.0D and 1.1D criteria and also received certification through VPNC.


iGateway VPN Technology Components

  • IPsec Engine
  • IKE Engine with XAUTH and Mode Config
  • IKEv2 Support
  • Extensive PKI Support
  • Advanced Policy Manager
  • Comprehensive APIs to support cryptographic libraries and accelerators

iGateway VPN Technology Features

  • VPNC Labs certified
  • Integrated with industry standard crypto-accelerators including intelligent packet processing accelerators
  • Supports multiple simultaneous hardware accelerators
  • Flexible policy configuration supporting multiple proposals and transforms
  • Support for high availability
  • Remote user authentication
  • E-mail alerts and syslog support for event logging
  • Comprehensive network access statistics
  • Authentication support includes pre-shared keys, RSA signatures, and DSA signatures
  • Supports main, aggressive, and quick modes
  • Diffie-Hellman Groups supported - Group 1 (MODP 768) and Group 2 (MODP 1536)
  • Support for encryption algorithms- DES, 3DES and AES
  • Data authentication algorithms - SHA1, MD5
  • Perfect Forward Secrecy for identities 
  • PKI Features - X.509 v3 certificates, File-based Certificate upload, OCSP and SCEP 

Internet Key Exchange (IKE)

The key for encryption or authentication of data can be obtained by using a key exchange protocol called the Internet Key Exchange (IKE). Intoto’s IKE implementation is optimized for achieving fast SA negotiations. This module supports the main mode, aggressive mode and quick mode exchanges. It supports the pre-shared key method and certificate-based authentication for phase 1 exchanges. The module's Certificate Manager provides the required functionality to make IKE capable of handling certificate-based authentication.
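The phase 1 negotiation described above, together with the "multiple proposals and transforms" feature listed earlier, comes down to a responder choosing one transform from an ordered list sent by the initiator. The following is an added example (not Intoto code) of that responder-side selection rule as RFC 2409 states it: the initiator lists transforms in order of preference, and the responder either returns the first one that matches its own policy exactly, without altering any attribute, or returns nothing (the equivalent of a NO-PROPOSAL-CHOSEN notification). The transform attributes, policy contents and helper names are constructed for the example.

```python
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class Transform:
    """One IKE phase 1 transform: the attribute set an SA would be built from.
    Field values below are constructed for this example, not product defaults."""
    encryption: str   # e.g. "3DES", "AES-128"
    hash: str         # e.g. "SHA1", "MD5"
    dh_group: int     # e.g. 1 (MODP 768), 2
    auth_method: str  # "psk" or "rsa-sig"


def select_transform(initiator_proposals: Iterable[Transform],
                     responder_policy: Iterable[Transform]) -> Optional[Transform]:
    """Responder rule: walk the initiator's list in the order it was sent and
    return the first transform that is exactly present in local policy.
    The responder never edits attributes; a partial match is no match."""
    allowed = set(responder_policy)
    for candidate in initiator_proposals:
        if candidate in allowed:
            return candidate
    return None  # no common transform: negotiation fails


def negotiate_phase1(initiator_proposals, responder_policy) -> dict:
    """Wrap the selection so the outcome is easy to log or assert on."""
    chosen = select_transform(initiator_proposals, responder_policy)
    if chosen is None:
        return {"status": "NO-PROPOSAL-CHOSEN", "transform": None}
    return {"status": "ACCEPTED", "transform": chosen}


# Constructed sample: initiator prefers AES with RSA signatures, falls back to 3DES/PSK.
INITIATOR_LIST = [
    Transform("AES-128", "SHA1", 2, "rsa-sig"),
    Transform("3DES", "MD5", 1, "psk"),
]

# Constructed responder policy: it has no certificate configured, so only PSK transforms.
RESPONDER_PSK_ONLY = [
    Transform("AES-128", "SHA1", 2, "psk"),
    Transform("3DES", "MD5", 1, "psk"),
]

if __name__ == "__main__":
    print(negotiate_phase1(INITIATOR_LIST, RESPONDER_PSK_ONLY))
```

Note that the first initiator entry differs from the responder's AES entry only in the authentication method, so it is skipped rather than "fixed up"; the negotiation lands on the initiator's second choice. If the responder policy contained neither entry, the result would be NO-PROPOSAL-CHOSEN, which is what an operator should expect to see logged when two peers are configured with non-overlapping proposals.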


Internet Key Exchange v2 (IKEv2)

The new IKEv2 specification merges multiple dependent specifications and requirements that have evolved over time since the original IKEv1 specification. These include legacy authentication, remote configuration and NAT traversal. By removing unnecessary requirements, the IKEv2 core framework is significantly simplified and produces better performance, security, and reliability through improved response time and throughput. With IKEv2 functionality, the Intoto iGateway EX product family is ideal for IPv4, IPv6 and mobile applications.


IPsec

The Authentication Header (AH) and the Encapsulating Security Payload (ESP) are provided by Intoto's IPsec module. AH authenticates data and checks its integrity, and provides an anti-replay service when keys are managed automatically. The ESP protocol provides confidentiality, authentication, and integrity. This protocol provides anti-replay service when authentication is selected and protection from traffic analysis in the case of IP tunneling.
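The anti-replay service mentioned for both AH and ESP is a receiver-side sliding window over the 32-bit sequence number carried in each packet. The following is an added example (not Intoto code) of that window as the IPsec RFCs describe it: a bitmask records which of the most recent sequence numbers have already been accepted, packets newer than the window's top edge advance it, packets inside the window are accepted once and rejected on repetition, and packets older than the window are dropped. The 64-bit window size and the sample packet sequence are constructed for the example; the RFC minimum window is 32.

```python
WINDOW_SIZE = 64          # constructed choice; RFC 4303 requires at least 32
MAX_SEQ = 0xFFFFFFFF      # non-extended sequence numbers are 32 bits


class AntiReplayWindow:
    """Receiver state for one inbound SA: the highest sequence number accepted
    so far and a bitmask of which numbers just below it have been seen."""

    def __init__(self, size: int = WINDOW_SIZE):
        self.size = size
        self.top = 0        # highest sequence number accepted (0 = none yet)
        self.bitmap = 0     # bit i set means sequence number (top - i) was received

    def check(self, seq: int) -> bool:
        """Return True and record seq if it is fresh; return False for a replay,
        a sequence number that has fallen behind the window, or an invalid value."""
        if seq == 0 or seq > MAX_SEQ:
            return False    # 0 is never sent; a wrapped counter means the SA must rekey
        if seq > self.top:
            # Newer than anything seen: slide the window up to seq.
            shift = seq - self.top
            if shift >= self.size:
                self.bitmap = 1                     # everything old falls out of the window
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        diff = self.top - seq
        if diff >= self.size:
            return False    # older than the window: dropped as stale
        if self.bitmap & (1 << diff):
            return False    # already accepted once: replay
        self.bitmap |= (1 << diff)
        return True


def replay_filter(seqs):
    """Run a sequence of packet sequence numbers through one window and return
    (accepted, rejected) lists so the outcome can be inspected or asserted on."""
    window = AntiReplayWindow()
    accepted, rejected = [], []
    for seq in seqs:
        (accepted if window.check(seq) else rejected).append(seq)
    return accepted, rejected


# Constructed sample: reordering (3 before 2), a replay of 3, a large jump to 100,
# then two packets at the window's trailing edge and an invalid sequence number 0.
SAMPLE_PACKETS = [1, 3, 2, 3, 100, 36, 37, 0]

if __name__ == "__main__":
    ok, dropped = replay_filter(SAMPLE_PACKETS)
    print("accepted:", ok)
    print("rejected:", dropped)
```

With the sample above, the out-of-order packet 2 is still accepted because it lies inside the window, the second copy of 3 is rejected as a replay, and after the jump to 100 the number 36 is exactly 64 behind the top edge and is dropped while 37 is still inside. For a security operations team, a counter of rejections from this check per SA is the signal worth exporting to syslog, since a sustained rate of replays or stale packets is what distinguishes deliberate replay from ordinary reordering.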


PKI Support

iGateway VPN provides extensive PKI support. It authenticates remote users as they connect to the system using digital certificates available from leading certificate authorities. In addition, iGateway VPN has an integrated LDAP client for CRL retrieval and loading. It also supports SCEP and OCSP.