Avaya Configuring IPsec Services Manual de usuario Pagina 32
- Pagina / 122
- Tabla de contenidos
- SOLUCIÓN DE PROBLEMAS
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
Configuring IPsec Services
1-12
308630-14.00 Rev 00
Automated Security Associations Using Internet Key Exchange (IKE)
Internet Key Exchange (IKE) is an automated protocol to establish security
associations over the Internet. (IKE is also referred to as the Internet Security
Association Key Management Protocol with Oakley Key Determination, or
ISAKMP/Oakley.) IKE handles negotiating, establishing, modifying, and deleting
security associations.
To set up these security associations, IKE itself must create a confidential, secure
connection between the sender and receiver. Authentication is accomplished with
one or more of the following:
• Pre-shared keys: These are set up ahead of time at each node in a transaction.
• Public key cryptography: Using the RSA public key algorithm, each
member of a transaction authenticates itself to the other using the other
member’s public key to encrypt an authentication value.
• Digital signature: Each member of a transaction sends a digital signature to
the other. The signatures are authenticated using the member’s public key,
obtained via an X.509 digital certificate.
The BayRS implementation of IKE uses pre-shared keys only.
Manual Security Associations
Manually configuring security associations is a more cumbersome and
labor-intensive process than using IKE. If possible, IKE should be used to make
large-scale secure communications practical.
Manually configured SAs often rely on static, symmetric keys on communicating
hosts or security gateways. As such, you must coordinate within your organization
and with outside parties to configure keys that will protect your information.
Security Associations for Bidirectional Traffic
An SA specifies the security services that are applied to data packets traveling in
one direction between security gateways. To secure the traffic in both directions,
the security gateway must have a Protect SA for data transmitted from the local
IPsec interface and an Unprotect SA for data received by the local IPsec interface
(Figure 1-4)
.
- Configuring IPsec Services 1
- Trademarks 2
- Restricted Rights Legend 2
- Statement of Conditions 2
- Contents 7
- 308630-14.00 Rev 00 ix 9
- 308630-14.00 Rev 00 xi 11
- 308630-14.00 Rev 00 xiii 13
- Before You Begin 15
- Text Conventions 16
- Acronyms 17
- Hard-Copy Technical Manuals 19
- How to Get Help 19
- Chapter 1 21
- Overview of IPsec 21
- About IPsec 22
- Note Regarding IPsec and NAT 22
- Supported Routers 23
- Supported WAN Protocols 23
- IPsec Services 24
- How IPsec Works 25
- IPsec Tunnel Mode 26
- IPsec Elements 27
- Security Gateways 28
- Security Policies 28
- Security Associations 31
- Security Protocols 35
- Authentication Header 36
- Perfect Forward Secrecy 37
- Chapter 2 39
- Installing IPsec 39
- Upgrading Router Software 40
- Installing the IPsec Software 40
- 308630-14.00 Rev 00 41
- Securing Your Site 42
- Securing Your Configuration 42
- Random Number Generator (RNG) 43
- Generating NPKs 43
- Caution: 44
- Changing an NPK 46
- Monitoring NPKs 46
- Chapter 3 47
- Starting IPsec 47
- Creating Policies 48
- Specifying an Action 49
- Policy Considerations 49
- Creating an Outbound Policy 50
- Creating an Inbound Policy 52
- About Automated SA Creation 54
- About Manual SA Creation 56
- Chapter 4 59
- Customizing IPsec 59
- Editing a Policy 60
- Adding a Policy 61
- Frame Relay Protocol 62
- Reordering Policies 64
- Frame Relay 65
- Manual SA Modifications 67
- Disabling IPsec 69
- Appendix A 71
- Site Manager Parameters 71
- Enabling IPsec Parameters 72
- IPsec Policy Parameters 73
- Appendix B 83
- Definitions of k Commands 83
- Appendix C 85
- RTR4 Subnet 192.32.30.0 88
- Manual SA Policy Examples 89
- RTR1 and RTR2 92
- RTR1 93
- RTR2 93
- RTR3 96
- RTR4 96
- Supported Versions 100
- Configuring Through a Browser 100
- Terminology 101
- Configuration Specifics 102
- Feature Comparison Summary 103
- Troubleshooting Tips 104
- Configuration Examples 105
- Protocol Numbers 109
- Appendix D 109
Relacionado con productos y manuales para Software Avaya Configuring IPsec Services
Software Avaya Configuring IP Services Manual de usuario
(415 paginas)
(415 paginas)
Software Avaya Business Communication Manager 5.0 - Configuration - Devices Manual de usuario
(258 paginas)
(258 paginas)
Software Avaya Configuring IP Services Manual de usuario
(466 paginas)
(466 paginas)
Software Avaya FireWall-1 Manual de usuario
(68 paginas)
(68 paginas)
Software Avaya PeriReporter Manual de usuario
(122 paginas)
(122 paginas)
Software Avaya PeriProducer 3.00 (Software Release 3.00) - Business Communications Manager aviso
(48 paginas)
(48 paginas)
Software Avaya BayRS Version 15.7.0.0 Manual de usuario
(400 paginas)
(400 paginas)
Software Avaya Business Communications Manager - Intelligent Contact Center Manual de usuario
(258 paginas)
(258 paginas)
Software Avaya BCM50 Guía de configuración
(568 paginas)
(568 paginas)
Software Avaya 15-601067 Manual de usuario
(50 paginas)
(50 paginas)
Software Avaya SMON C360 Manual de usuario
(286 paginas)
(286 paginas)
Software Avaya 15-601063 Manual de usuario
(460 paginas)
(460 paginas)
Software Avaya DXX-1015-01 Manual de usuario
(74 paginas)
(74 paginas)
© 2020, manymanuals.es. Todos los derechos reservados | 0.087 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales