V7122 Gateway User Guide
IPSec
IPSec is responsible for encrypting and decrypting the IP streams.
The IPSec Security Policy Database (SPD) table defines up to 20 IP peers to which IPSec security is applied. IPSec can be applied to all packets destined for a specific IP address, or to a specific IP address, port (source or destination) and protocol type.
Each outgoing packet is analyzed and compared to the SPD table. The packet's destination IP address (and optionally, destination port, source port and protocol type) is compared to each entry in the table. If a match is found, the gateway checks if an SA already exists for this entry. If it doesn't, the IKE protocol is invoked (see IKE) and an IPSec SA is established. The packet is encrypted and transmitted. If a match isn't found, the packet is transmitted unencrypted.
An incoming packet whose parameters match one of the entries of the SPD table but is received unencrypted is dropped.
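The decision flow described above, modeled as an added example (not code from the guide or the gateway). The class and function names, the sample addresses and the handling of cases the guide does not describe are assumptions made for illustration.

```python
# Added illustration: models the SPD lookup described in the guide; not gateway firmware.
from dataclasses import dataclass
from typing import Optional

MAX_PEERS = 20  # the guide states the SPD table defines up to 20 peers


@dataclass(frozen=True)
class SpdEntry:
    peer_ip: str                     # mandatory selector
    dst_port: Optional[int] = None   # None = field not checked
    src_port: Optional[int] = None
    protocol: Optional[str] = None


@dataclass(frozen=True)
class Packet:
    peer_ip: str   # remote address (assumption: destination out, sender in)
    dst_port: int
    src_port: int
    protocol: str
    encrypted: bool = False


def lookup(spd, pkt):
    """Return the first SPD entry whose configured selectors all match, else None."""
    for e in spd[:MAX_PEERS]:
        optional = ((e.dst_port, pkt.dst_port), (e.src_port, pkt.src_port),
                    (e.protocol, pkt.protocol))
        if e.peer_ip == pkt.peer_ip and all(w is None or w == g for w, g in optional):
            return e
    return None


def handle_outgoing(spd, sa_db, pkt):
    entry = lookup(spd, pkt)
    if entry is None:
        return "send-cleartext"          # no match: transmitted unencrypted
    if entry not in sa_db:
        sa_db.add(entry)                 # stands in for IKE establishing the IPSec SA
        return "ike-then-send-encrypted"
    return "send-encrypted"


def handle_incoming(spd, pkt):
    if lookup(spd, pkt) is not None and not pkt.encrypted:
        return "drop"                    # matched policy but arrived in the clear
    return "accept"                      # other cases pass in this model (assumption)
```

The outgoing path fails open: traffic to a peer that is missing from the SPD table, or whose port or protocol selector does not match, leaves unencrypted, so the table contents are what to audit.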
IPSec specifications:
Transport mode only.
Encapsulating Security Payload (ESP) only.
Support for Cipher Block Chaining (CBC).
Supported IPSec SA encryption algorithms – DES, 3DES and AES.
Hash types for IPSec SA are SHA1 and MD5.
Configuring the IPSec and IKE
To enable IPSec and IKE on the gateway, set the ini file parameter ‘EnableIPSec’ to 1.
IKE Configuration
The parameters described in Table 68 are used to configure the first phase (main mode) of the IKE negotiation for a specific peer. A different set of parameters can be configured for each of the 20 available peers.