
Configuring IPsec Services
308630-15.1 Rev 00
Performance
The BayRS implementation of IPsec is slower than the Contivity implementation.
Consider performance when determining which traffic needs IPsec protection. If
perfect forward secrecy (PFS) is unnecessary, disable PFS on the Contivity switch
(PFS is disabled by default on BayRS).
When trading performance against protection, DES encryption may be preferable
to triple DES encryption, because triple DES requires more computation to
encrypt data than DES does.
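What PFS adds to each IPsec SA rekey, as an added example that is not taken from the BayRS or Contivity documentation or code: a Python sketch of IKE Quick Mode key derivation (RFC 2409, section 5.5) with and without PFS over Oakley Group 1. The HMAC-SHA1 prf, the 256-bit private exponent, the fixed 96-byte encoding of the shared secret, the single SPI, and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

# Oakley Group 1 (768-bit MODP) prime and generator, RFC 2409 section 6.1.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
G = 2
ESP = b"\x03"  # IPsec DOI protocol ID for ESP

def prf(key, data):
    # Assumption: HMAC-SHA1 is the negotiated IKE prf.
    return hmac.new(key, data, hashlib.sha1).digest()

def dh_keypair():
    # Assumption: 256-bit private exponent. One modular exponentiation.
    x = 2 + secrets.randbelow(2 ** 256)
    return x, pow(G, x, P)

def dh_shared(x, peer_public):
    # Second modular exponentiation; 96-byte encoding is an assumption.
    return pow(peer_public, x, P).to_bytes(96, "big")

def keymat(skeyid_d, spi, ni, nr, length, g_qm_xy=b""):
    """KEYMAT = K1 | K2 | ..., with Kn = prf(SKEYID_d, Kn-1 | seed).
    g_qm_xy is empty when PFS is off; length is 8 for DES, 24 for 3DES."""
    seed = g_qm_xy + ESP + spi + ni + nr
    out, block = b"", b""
    while len(out) < length:
        block = prf(skeyid_d, block + seed)
        out += block
    return out[:length]

def rekey(skeyid_d, spi, length, pfs):
    """One Quick Mode rekey; returns the (initiator, responder) KEYMAT.
    Simplified to one SPI; real SAs derive KEYMAT per direction."""
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    if not pfs:
        k = keymat(skeyid_d, spi, ni, nr, length)  # hashing only
        return k, k
    xi, gi = dh_keypair()  # initiator's ephemeral key
    xr, gr = dh_keypair()  # responder's ephemeral key
    return (keymat(skeyid_d, spi, ni, nr, length, dh_shared(xi, gr)),
            keymat(skeyid_d, spi, ni, nr, length, dh_shared(xr, gi)))
```

With `pfs=True` each peer performs two 768-bit modular exponentiations per rekey; with `pfs=False` the KEYMAT depends only on SKEYID_d and the two nonces.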
Feature Comparison Summary
This section lists the IPsec features supported by both the BayRS and Contivity
platforms and the features supported by only one of the two platforms.
Features Supported by Both Platforms
The following features are supported by both the BayRS and Contivity
implementations of IPsec:
• IPsec ESP protocol
• IKE preshared keys
• IPsec in tunnel mode
• Perfect forward secrecy
• 3DES key generation by Oakley Group 1
• Vendor ID payload
• Delete Payload for IPsec SAs—sending and receiving
• Delete Payload for IKE SAs—receiving only (Contivity software also
supports sending)
• Static routes
Note: To disable PFS on the Contivity switch, go to the Profiles > Groups >
IPsec: Configure display.