
Starting IPsec
308630-15.1 Rev 00
3-7
Creating Security Associations
Security associations (SAs) enable you to provide bidirectional protection for data
packets traveling between two routers. Each SA establishes security for data
passing in a single direction. A pair of SAs (a Protect SA and an Unprotect SA)
is created, either automatically by IKE or manually by you, for any IPsec policy
configured on a security gateway. Each SA includes security information such as
algorithms and keys.
Automated SA Creation
IKE creates automated SAs based on the proposals that you configure for an IPsec
outbound policy in Site Manager. Each proposal specifies an encryption
transform, an authentication transform, or both for the automated SA. You do not
need to specify keys for automated SAs, because IKE creates them dynamically.
For examples of how to configure automated SAs, see “Automated SA (IKE)
Policy Examples” on page C-2.
You can configure up to four proposals for a policy, in order of preference. IKE
negotiates an automated SA based on the first proposal that matches one
configured on the remote security gateway. IKE creates both the inbound and the
outbound SAs based on the results of the proposal negotiation.
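The selection rule described above, modeled as an added example (not code from the manual or the router software). It follows the page's wording rather than the IKE wire exchange; the transform names and the `auth_only_preferred` audit check are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

MAX_PROPOSALS = 4  # the page allows up to four proposals per policy


@dataclass(frozen=True)
class Proposal:
    # An encryption transform, an authentication transform, or both.
    # Transform names used below are constructed sample values.
    encryption: Optional[str] = None
    authentication: Optional[str] = None

    def __post_init__(self):
        if self.encryption is None and self.authentication is None:
            raise ValueError("proposal needs at least one transform")


def negotiate(local, remote):
    """Return the first local proposal, in preference order, that is also
    configured on the remote gateway; None means no SA can be created."""
    if not 1 <= len(local) <= MAX_PROPOSALS:
        raise ValueError("a policy carries one to four proposals")
    for proposal in local:
        if proposal in remote:
            return proposal
    return None


def build_sa_pair(proposal):
    """Both directions use the one negotiated proposal. Keys are created
    dynamically by IKE and are not modeled here."""
    if proposal is None:
        return None
    return {"inbound": proposal, "outbound": proposal}


def auth_only_preferred(local):
    """Hypothetical audit check: indexes of authentication-only proposals
    ranked ahead of a proposal that also encrypts."""
    return [i for i, p in enumerate(local)
            if p.encryption is None
            and any(q.encryption for q in local[i + 1:])]


# Constructed sample policies for two gateways.
LOCAL = [Proposal("3DES", "HMAC-SHA1"), Proposal("DES", "HMAC-MD5"),
         Proposal(None, "HMAC-MD5")]
REMOTE = [Proposal(None, "HMAC-MD5"), Proposal("DES", "HMAC-MD5")]
```

With these samples the second local proposal is chosen, because the remote gateway does not offer the first; a policy that lists an authentication-only proposal first would negotiate unencrypted SAs whenever the peer accepts it.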
Note: You should use automated SA creation (IKE) for greater security and
decreased configuration management overhead.

Site Manager Procedure (continued)

| You do this | System responds |
| --- | --- |
| 12. From the Templates list, select a template on which to base this policy. | |
| 13. Click on OK. | You return to the IPsec Inbound Policies window. |
| 14. To create other inbound policies, repeat steps 10 through 13. | |
| 15. Click on Done. | You return to the IPsec Configuration for Interface window. |