Avaya Configuring IPsec Services Bedienungsanleitung Seite 102
- Seite / 122
- Inhaltsverzeichnis
- FEHLERBEHEBUNG
- LESEZEICHEN
Bewertet. / 5. Basierend auf Kundenbewertungen
Configuring IPsec Services
C-18
308630-14.00 Rev 00
Configuration Specifics
Configuring a Contivity switch to interoperate with BayRS IPsec requires that you
configure the Contivity switch with a “Branch Office Connection” with a tunnel
type equal to “IPsec.”
The Contivity documentation provides detailed configuration steps for Branch
Office Connections. As you go through those steps, consider the following
interoperability information:
• When configuring IP network addresses, note that BayRS lets you configure a
network range that can include from one to any number of valid IP addresses.
This provides flexibility for BayRS-to-BayRS IPsec implementations.
However, many IPsec platforms, such as Contivity, require that you configure
IP addresses by subnet and mask. This means that for BayRS to work with
Contivity, a BayRS policy must contain source and destination IP address
ranges that match the exact ranges of the corresponding Contivity Branch
Office Connection’s local and remote accessible networks.
For example, if the Contivity side of the IPsec tunnel Branch Office
Connection has a remote network of 192.32.54.128/255.255.255.224 and a
local network of 192.32.13.128/255.255.255.224, then the corresponding
BayRS policy must have a source address range of exactly 192.32.54.128 to
192.32.54.159, and a destination address range of exactly 192.32.13.128 to
192.32.13.159.
• Routing: Currently, only static routing is supported between the Contivity
switch and BayRS IPsec gateways. Although Contivity offers “VPN
Routing,” which sends RIP routes through an IPsec tunnel, this is proprietary
to the Contivity switch. A BayRS router interface with IPsec sends broadcasts
out the interface in cleartext only. The Contivity switch’s public interface will
not accept these cleartext broadcasts.
• Performance: The BayRS implementation is slower than Contivity. Consider
performance when determining what traffic needs IPsec protection and what
traffic does not need protection. If perfect forward secrecy (PFS) is
unnecessary, disable PFS on the Contivity switch (PFS is disabled by default
on BayRS). Using DES encryption instead of Triple DES encryption may be
preferable when considering a tradeoff between performance and protection.
Triple DES computational requirements for encrypting data are higher than
those for DES.
- Configuring IPsec Services 1
- Trademarks 2
- Restricted Rights Legend 2
- Statement of Conditions 2
- Contents 7
- 308630-14.00 Rev 00 ix 9
- 308630-14.00 Rev 00 xi 11
- 308630-14.00 Rev 00 xiii 13
- Before You Begin 15
- Text Conventions 16
- Acronyms 17
- Hard-Copy Technical Manuals 19
- How to Get Help 19
- Chapter 1 21
- Overview of IPsec 21
- About IPsec 22
- Note Regarding IPsec and NAT 22
- Supported Routers 23
- Supported WAN Protocols 23
- IPsec Services 24
- How IPsec Works 25
- IPsec Tunnel Mode 26
- IPsec Elements 27
- Security Gateways 28
- Security Policies 28
- Security Associations 31
- Security Protocols 35
- Authentication Header 36
- Perfect Forward Secrecy 37
- Chapter 2 39
- Installing IPsec 39
- Upgrading Router Software 40
- Installing the IPsec Software 40
- 308630-14.00 Rev 00 41
- Securing Your Site 42
- Securing Your Configuration 42
- Random Number Generator (RNG) 43
- Generating NPKs 43
- Caution: 44
- Changing an NPK 46
- Monitoring NPKs 46
- Chapter 3 47
- Starting IPsec 47
- Creating Policies 48
- Specifying an Action 49
- Policy Considerations 49
- Creating an Outbound Policy 50
- Creating an Inbound Policy 52
- About Automated SA Creation 54
- About Manual SA Creation 56
- Chapter 4 59
- Customizing IPsec 59
- Editing a Policy 60
- Adding a Policy 61
- Frame Relay Protocol 62
- Reordering Policies 64
- Frame Relay 65
- Manual SA Modifications 67
- Disabling IPsec 69
- Appendix A 71
- Site Manager Parameters 71
- Enabling IPsec Parameters 72
- IPsec Policy Parameters 73
- Appendix B 83
- Definitions of k Commands 83
- Appendix C 85
- RTR4 Subnet 192.32.30.0 88
- Manual SA Policy Examples 89
- RTR1 and RTR2 92
- RTR1 93
- RTR2 93
- RTR3 96
- RTR4 96
- Supported Versions 100
- Configuring Through a Browser 100
- Terminology 101
- Configuration Specifics 102
- Feature Comparison Summary 103
- Troubleshooting Tips 104
- Configuration Examples 105
- Protocol Numbers 109
- Appendix D 109
Verwandte Produkte und Handbücher für Software Avaya Configuring IPsec Services
Software Avaya Business Communication Manager 5.0 - Configuration - Devices Bedienungsanleitung
(258 Seiten)
(258 Seiten)
Software Avaya FireWall-1 Bedienungsanleitung
(68 Seiten)
(68 Seiten)
Software Avaya PeriReporter Bedienungsanleitung
(122 Seiten)
(122 Seiten)
Software Avaya PeriProducer 3.00 (Software Release 3.00) - Business Communications Manager Hinweis
(48 Seiten)
(48 Seiten)
Software Avaya Business Communications Manager - Intelligent Contact Center Bedienungsanleitung
(258 Seiten)
(258 Seiten)
Software Avaya BCM50 Konfigurationsanleitung
(568 Seiten)
(568 Seiten)
Software Avaya 15-601067 Bedienungsanleitung
(50 Seiten)
(50 Seiten)
Software Avaya SMON C360 Bedienungsanleitung
(286 Seiten)
(286 Seiten)
Software Avaya 15-601063 Bedienungsanleitung
(460 Seiten)
(460 Seiten)
Software Avaya DXX-1015-01 Bedienungsanleitung
(74 Seiten)
(74 Seiten)
© 2020, manymanuals.de. Alle Rechte vorbehalten. | 0.029 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Kommentare zu diesen Handbüchern