Issue 5 June 2008
Chapter 19: Configuring IPSec VPN
VPN (Virtual Private Network) defines a private secure connection between two nodes on a
public network such as the Internet. VPN at the IP level is deployed using IP Security (IPSec).
IPSec is a standards-based set of protocols defined by the IETF that provide privacy, integrity,
and authenticity to information transferred across IP networks.
The standard key exchange method employed by IPSec uses the Internet Key Exchange (IKE)
protocol to exchange key information between the two nodes (referred to as peers). Each peer
maintains Security Associations (SAs) that keep the connection private and secure. IKE operates
in two phases:
● The Phase-1 exchange negotiates an IKE SA
● The IKE SA created in Phase-1 secures the subsequent Phase-2 exchanges, which in turn
generate IPSec SAs
IPSec SAs secure the actual traffic between the protected networks behind the peers, while the
IKE SA only secures the key exchanges that generate the IPSec SAs between the peers.
The G250/G350 IPSec VPN feature is designed to support site-to-site topologies, in which the
two peers are gateways.
Note:
To configure IPSec VPN, you need at least a basic knowledge of IPSec. Refer to
the following guide for a suitable introduction:
http://www.tcpipguide.com/free/t_IPSecurityIPSecProtocols.htm
G250/G350 R2.2 VPN capabilities
R2.2 VPN supports the following:
● Standards-based IPSec implementation [RFC 2401-RFC 2412...]
● Standard encryption and authentication algorithms for IKE and ESP: DES, TDES, AES
(128 bit), MD5-HMAC, SHA1-HMAC, IKE DH groups 1 & 2
● ESP for data protection and IKE (main mode) for key exchange
● Quick Mode key negotiation with Perfect Forward Secrecy (PFS)
● IKE peer authentication through pre-shared secret
● Multiple IPSec peers (up to 50) for Mesh and hub-and-spoke IPSec topologies
● IPSec protection can be applied on any output port and on many ports concurrently, for
maximum installation flexibility
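The following Python sketch is an added example, not part of the Avaya guide. It audits a remote peer's IKE Phase-1 offers against the R2.2 algorithm list above: it reports which offers fall outside the list, which rely on the weakest listed algorithms, and which offer is the strongest one to configure on both peers. The names, the strength ranking, and the sample offers are assumptions of this example, and it does not model the order in which the gateway itself selects a proposal.

```python
from typing import NamedTuple, Optional

class Proposal(NamedTuple):
    enc: str    # "des", "3des" (TDES) or "aes128"
    integ: str  # "md5" or "sha1" (the HMAC variants)
    dh: int     # IKE Diffie-Hellman group number

# Algorithms taken from the R2.2 list on this page. The numeric ranks
# (higher = stronger) are an assumption of this example, not Avaya's.
ENC_RANK = {"des": 0, "3des": 1, "aes128": 2}
INTEG_RANK = {"md5": 0, "sha1": 1}
DH_RANK = {1: 0, 2: 1}  # group 1 = 768-bit MODP, group 2 = 1024-bit MODP

def supported(p: Proposal) -> bool:
    """True if every transform in the proposal is in the R2.2 list."""
    return p.enc in ENC_RANK and p.integ in INTEG_RANK and p.dh in DH_RANK

def findings(p: Proposal) -> list:
    """Weak choices a reviewer should record for a supported proposal."""
    out = []
    if p.enc == "des":
        out.append("DES: 56-bit key")
    if p.integ == "md5":
        out.append("MD5-HMAC: prefer SHA1-HMAC")
    if p.dh == 1:
        out.append("DH group 1: 768-bit modulus")
    return out

def strength(p: Proposal) -> tuple:
    """Sort key: cipher first, then DH group, then integrity algorithm."""
    return (ENC_RANK[p.enc], DH_RANK[p.dh], INTEG_RANK[p.integ])

def recommend(offers: list) -> Optional[Proposal]:
    """Strongest offer that stays inside the R2.2 list, or None."""
    usable = [p for p in offers if supported(p)]
    return max(usable, key=strength, default=None)

# Constructed sample: offers a remote peer might be configured to send.
PEER_OFFERS = [
    Proposal("aes256", "sha256", 14),  # outside the R2.2 list
    Proposal("des", "md5", 1),
    Proposal("3des", "sha1", 2),
    Proposal("aes128", "sha1", 2),
]

if __name__ == "__main__":
    for p in PEER_OFFERS:
        if supported(p):
            print(p, "->", "; ".join(findings(p)) or "no findings")
        else:
            print(p, "-> not in R2.2 list")
    print("recommended:", recommend(PEER_OFFERS))
```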
Administration for the Avaya G250 and Avaya G350 Media Gateways, 03 300436, Issue 5 June 2008