Avaya Configuring Integrated IP Security Bedienungsanleitung PDF herunterladen (Seite 30)

Configuring IP Security Services

2-6

304111-A Rev 00

Figure 2-3. Outbound and Inbound Policies

Security Policy Database (SPD)

The criteria (“selectors”) and action specifications used in your inbound and

outbound policies are stored in the security policy database (SPD).

IPsec defaults in favor of more security rather than less. If an outbound or inbound

packet does not match the criteria of any configured outbound or inbound policy

in the SPD, the packet is dropped.

IPsec discards any outbound clear-text data packet unless you explicitly configure

a policy to drop, bypass, or protect it.

Security Associations

A security association (SA) is a secure tunnel through which only the hosts that

you identify can exchange the protocol data that you specify at the degree of

protection that you specify.

A security association is uniquely identified by an IP destination address, security

parameter index (SPI), and security protocol identifier (ESP in tunnel mode).

An IPsec policy determines which packets will be handled. A security association

(SA) specifies which IPsec security service (for example, confidentiality) IPsec

will apply to the packets. You can apply one or more IPsec security services.

IP0078A

Untrusted

network

Local

host

Trusted

network

Outbound Policy

Inbound Policy (clear text only)

IPsec interface

Remote

host

Outbound Policy

Inbound Policy (clear text only)

Security

gateway

Security

gateway

Trusted

network

1 2 ... 25 26 27 28 29 30 31 32 33 34 35 ... 71 72

Keine Kommentare

Avaya Configuring Integrated IP Security Bedienungsanleitung Seite 30