Avaya Configuring IP Security Services Bedienungsanleitung PDF herunterladen (Seite 33)

Overview of IPsec

304111-B Rev 00

1-15

In Table 1-2, the IP source and destination addresses for the SA are the tunnel end

points for the IPsec tunnel through which the traffic passes. Intermediate routers

are unaware that the traffic is encrypted, and pass it along just like any other

packets.

Security Protocols

IPsec uses two protocols to provide traffic security:

• Encapsulating Security Payload (ESP)

• Authentication Header (AH)

You can use either protocol or both to protect data packets on a VPN. Generally,

only one protocol is necessary.

The Bay Networks IPsec implementation uses ESP only. Bay Networks does not

implement the AH protocol because the same functions are available from ESP.

Encapsulating Security Payload

The ESP protocol provides confidentiality (encryption) services. It can also

provide data integrity, data origin authentication, and an anti-replay service.

• Data integrity ensures that the data has not been altered.

• Data origin authentication validates the sending and receiving parties.

• Anti-replay service ensures that the receiver only receives and processes each

packet once.

One or more of these security services must be applied whenever ESP is invoked.

ESP applies the following algorithms and transform identifiers to deliver its

services:

Table 1-2. Manual Security Association (SA) Configurations

Security Association SPI Cipher Integrity

Source

Address

Destination

Address Algorithm

Key

Length Key Algorithm Key

IP address IP address 270 DES 40 Hex value HMAC MD5 Hex value

IP address IP address 260 DES 56 Hex value MD5 Hex value

1 2 ... 28 29 30 31 32 33 34 35 36 37 38 ... 99 100

Keine Kommentare

Avaya Configuring IP Security Services Bedienungsanleitung Seite 33