Avaya Configuring IPsec Services Manual de usuario descargar pdf (Pagina 33)

Overview of IPsec

308630-15.1 Rev 00

1-15

In Table 1-2, the IP source and destination addresses for the SA are the tunnel end

points for the IPsec tunnel through which the traffic passes. Intermediate routers

are unaware that the traffic is encrypted and pass it along just like any other

packet.

Security Protocols

IPsec can use two protocols to provide traffic security:

• Encapsulating Security Payload (ESP)

• Authentication Header (AH)

You can use either protocol or both to protect data packets on a VPN. Generally,

only one protocol is necessary.

Encapsulating Security Payload (ESP) Protocol

The ESP protocol provides confidentiality (encryption) services. It can also

provide data integrity, data origin authentication, and an anti-replay service.

• Data integrity ensures that the data has not been altered.

• Data origin authentication validates the sending and receiving parties.

• Anti-replay service ensures that the receiver receives and processes each

packet only once.

Table 1-2. Manual SA Configurations

Security Association SPI Cipher Integrity

Source

Address

Destination

Address Algorithm

Key

Length Key Algorithm Key

IP address IP address 270 DES 40 Hex value HMAC MD5 Hex value

IP address IP address 260 DES 56 Hex value HMAC MD5 Hex value

Note:

The Nortel Networks implementation of IPsec uses ESP only. Nortel

Networks does not implement the AH protocol because the same functions are

available in ESP.

1 2 ... 28 29 30 31 32 33 34 35 36 37 38 ... 121 122

Sin comentarios

Avaya Configuring IPsec Services Manual de usuario Pagina 33