
Configuration Examples
304111-B Rev 00
Manual SA Policy Examples
As you review the security policy examples in this section, refer to Figure C-2.
All of the routers have OSPF interfaces configured for type NBMA, which
transmit unicast frames. An outbound policy and an inbound bypass policy protect
all unicast traffic for the specified router subnetworks.
Security policy examples 1 and 2 show how to configure outbound policies to
protect all unicast traffic between RTR1 and RTR2; examples 3 and 4 show how to
configure outbound policies to protect all unicast traffic between RTR2 and RTR3;
and examples 5, 6, and 7 show how to configure outbound policies to protect all
traffic between RTR1 and RTR3. A bypass inbound policy is in effect for all
incoming traffic to the routers so that no SAs are required.
Figure C-2. IPsec Manual Outbound Policies for RTR1, RTR2, and RTR3
Example 1: Required Policies on RTR1 to Protect Data Between
RTR1 Subnet 192.32.5.0 and RTR2 Subnet 192.28.41.0

RTR1 Interface S21
Policy:   Outbound
Action:   Protect
Criteria: IP source address range: 192.32.5.0 - 192.32.5.255
          IP destination address range: 192.28.41.0 - 192.28.41.255
SA:       Source: 1.1.1.1
          Destination: 1.1.1.2
          SPI: 256
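
The following is an added example, not code from the manual or the router software: a Python model of the Example 1 outbound policy that checks which flows it selects and confirms that each criteria range is exactly the intended subnet. The class and function names are hypothetical, and the first-match ordering and the "no-match" result are assumptions, since the page does not state how unmatched outbound traffic is handled.

```python
import ipaddress
from dataclasses import dataclass

IP = ipaddress.IPv4Address

@dataclass(frozen=True)
class ManualSA:
    source: str
    destination: str
    spi: int

@dataclass(frozen=True)
class OutboundPolicy:
    interface: str
    action: str
    src: tuple   # (first, last) source address range
    dst: tuple   # (first, last) destination address range
    sa: ManualSA

    def matches(self, src, dst):
        return (IP(self.src[0]) <= IP(src) <= IP(self.src[1])
                and IP(self.dst[0]) <= IP(dst) <= IP(self.dst[1]))

# Values from Example 1 (RTR1, interface S21).
EXAMPLE_1 = OutboundPolicy(
    "S21", "protect",
    ("192.32.5.0", "192.32.5.255"), ("192.28.41.0", "192.28.41.255"),
    ManualSA("1.1.1.1", "1.1.1.2", 256))

def evaluate(policies, src, dst):
    """First matching policy wins (assumption); returns (action, SA)."""
    for p in policies:
        if p.matches(src, dst):
            return p.action, p.sa
    return "no-match", None  # router behaviour here is not stated on the page

def range_as_networks(first, last):
    """CIDR blocks covering a range, to confirm it equals the intended subnet."""
    return list(ipaddress.summarize_address_range(IP(first), IP(last)))

if __name__ == "__main__":
    # Constructed sample flows (not from the manual).
    for s, d in [("192.32.5.10", "192.28.41.20"),
                 ("192.28.41.20", "192.32.5.10"),
                 ("192.32.6.1", "192.28.41.20")]:
        print(s, "->", d, evaluate([EXAMPLE_1], s, d))
    print(range_as_networks(*EXAMPLE_1.src), range_as_networks(*EXAMPLE_1.dst))
```

The reverse-direction flow does not match this policy, which is why the matching outbound policy on RTR2 is configured separately.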

[Figure C-2 labels: routers RTR1, RTR2, RTR3; Protect / Unprotect SA RTR1 to RTR2, SPI 256; Protect / Unprotect SA RTR2 to RTR3, SPI 256; Protect / Unprotect SA RTR1 to RTR3, SPI 257; IP / IPsec / OSPF (Type: NBMA); IP / IPsec / RIP; interfaces S21 1.1.1.1, S31 2.2.2.1, S11 2.2.2.2, S21 1.1.1.2; subnets 192.32.5.0, 192.28.41.0, 192.131.141.0]