Avaya Configuring IPsec Services Bedienungsanleitung PDF herunterladen (Seite 31)

Overview of IPsec

308630-14.00 Rev 00

1-11

• IP destination address

• Protocol

To specify the protocol criterion, you must provide the numeric value assigned to

the protocol for use over the Internet. You can specify only a single protocol value

for each policy. The protocol number is represented in the 1-byte protocol field in

an IP packet header.

Refer to Appendix D

for a list of protocol numbers. To obtain the most recent list

of the numeric values assigned to various protocols, see the Internet Assigned

Numbers Authority (IANA) Web site at:

http://www.iana.org

The direct path to the list of legal values that you can specify for an IPsec policy

protocol criterion as of this printing is:

http://www.isi.edu/in-notes/iana/assignments/protocol-numbers

Security Associations

A security association (SA) is a relationship in which two peers share the

necessary information to securely protect and unprotect data. An IPsec SA is

uniquely identified by an IP destination address, security parameter index (SPI),

and security protocol identifier (for example, ESP in tunnel mode).

An IPsec policy determines which packets will be handled. An IPsec SA specifies

which IPsec security service (for example, confidentiality) IPsec will apply to the

packets. You can apply one or more IPsec security services.

SAs themselves must be created and shared in a secure manner. There are two

ways of achieving this: by using the automated security negotiation process

provided by the Internet Key Exchange (IKE) protocol; or by manually

configuring the sending and receiving devices with a shared secret. A shared

secret is a unique security identifier.

1 2 ... 26 27 28 29 30 31 32 33 34 35 36 ... 121 122

Keine Kommentare

Avaya Configuring IPsec Services Bedienungsanleitung Seite 31