Avaya Configuring IP Security Services Bedienungsanleitung PDF herunterladen (Seite 34)

Configuring IPsec Services

1-16

304111-B Rev 00

• Data Encryption Standard (DES) (56-bit)

• 40-bit DES (manual keying only)

• Triple DES (3DES) (3DES IPsec Option only)

• HMAC Message Digest 5 (MD5)

•HMAC SHA1

ESP uses the Data Encryption Standard (DES) algorithm or the Triple DES

(3DES) algorithm for encryption. ESP uses Hashing Message Authentication

Code Message Digest 5 (HMAC MD5) or HMAC SHA1 transform identifiers for

authentication.

ESP uses the cipher block chaining (CBC) mode of the DES encryption

algorithm. CBC is considered the most secure mode of DES. A 56-bit or 40-bit

number, known as a key, controls encryption and decryption. Key management is

automated through IKE, or can be controlled manually.

Both sides of an SA must use the same encryption service. Normally, you should

use the stronger 56-bit DES key for greater security, or triple DES if appropriate.

However, if you are communicating with a security gateway that is limited to a

40-bit DES key due to cryptography export restrictions, you must use the 40-bit

key.

When ESP protection is used in tunnel mode, an “outer” IP header specifies the

IPsec processing destination, and an “inner” IP header specifies the (actual) target

destination for the packet. The security protocol header appears after the outer IP

header and before the inner one. Only the tunneled packet is protected, not the

outer header.

Authentication Header

The AH protocol provides data integrity, data origin authentication, and optional

anti-replay services. It provides encryption services to the header only, not to the

entire IP packet.

The AH protocol uses HMAC MD5 and HMAC SHA1 transform identifiers. The

AH protocol is not used in the Bay Networks implementation of IPsec.

1 2 ... 29 30 31 32 33 34 35 36 37 38 39 ... 99 100

Keine Kommentare

Avaya Configuring IP Security Services Bedienungsanleitung Seite 34