IP Security - Virtual Private Network
CLI Configuration Guide
Alcatel-Lucent
Best Practices for Deploying IPsec VPN
Virtual Private Networks are convenient, but they can also create gaping security
holes in the network. The following sections discuss general guidelines that need
to be kept in mind but are independent of the VPN configuration. They provide
information on best practices for deploying IPsec VPN:
• “Identity”
• “IPsec Access Control”
• “IPsec”
• “Network Address Translation”
• “Network Access Control”
• “Interoperability”
Identity
It is important that devices are identified in a secure and manageable manner.
Device authentication uses either a preshared key or digital certificates.
Preshared Key
Preshared keys are of three types:
• Unique: Unique preshared keys are tied to a specific IP address.
• Group: Group preshared keys are tied to a group-name identity.
• Wild card: These keys are not associated with any unique information that
determines a peer's identity.
Because a wild card key is not tied to a specific IP address, it should not be used
when deploying site-to-site VPN tunnels. With wild card keys, every single device
uses the same key. Hence, if a single device in the network has been compromised
and the wild card key has been determined, all the devices in the network are
compromised.
Using unique preshared keys is advisable. The drawback of preshared keys is that
they do not scale in large networks. The strength of device authentication also
depends on how often the keys are changed and on the key length. Most devices
support a maximum key length of 127 characters. It is up to you to decide on the
key length; a minimum key length of 16 characters is recommended.
Note: The OA-700 supports only unique preshared keys, to provide better security.
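The preshared-key guidance above can be checked mechanically. The following is an added example, not taken from the Alcatel-Lucent guide: a Python audit of a constructed key inventory that flags wild card or group keys, keys shorter than 16 or longer than 127 characters, and keys reused across different tunnels. The inventory format, function names and sample values are assumptions for illustration and do not reflect OA-700 configuration syntax.

```python
import ipaddress
import secrets
import string
from collections import defaultdict

MIN_LEN, MAX_LEN = 16, 127  # recommended minimum / common device maximum from the text

def classify(identity):
    """Map a peer identity to the key type it implies: unique, group or wildcard."""
    if identity in ("*", "0.0.0.0", "::"):
        return "wildcard"
    try:
        ipaddress.ip_address(identity)
        return "unique"
    except ValueError:
        return "group"  # a name rather than an address

def audit(inventory):
    """inventory: (local_ip, peer_identity, key) rows. Returns a set of findings."""
    findings, tunnels = set(), defaultdict(set)
    for local, peer, key in inventory:
        kind = classify(peer)
        if kind != "unique":
            findings.add((local, peer, kind))
        if len(key) < MIN_LEN:
            findings.add((local, peer, "short"))
        elif len(key) > MAX_LEN:
            findings.add((local, peer, "too-long"))
        # Both ends of one tunnel legitimately hold the same key, so group by
        # the unordered endpoint pair before looking for reuse.
        tunnels[key].add(frozenset((local, peer)))
    for local, peer, key in inventory:
        if len(tunnels[key]) > 1:
            findings.add((local, peer, "reused"))
    return findings

def generate_psk(length=32):
    """Random alphanumeric key from the OS CSPRNG, within the length bounds."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError(f"length must be {MIN_LEN}..{MAX_LEN}")
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

# Constructed sample inventory (documentation address ranges, made-up keys).
SAMPLE = [
    ("192.0.2.1", "198.51.100.1", "q7Lr2Zx9TbV4mK8sYw3N"),
    ("198.51.100.1", "192.0.2.1", "q7Lr2Zx9TbV4mK8sYw3N"),  # other end, same tunnel
    ("192.0.2.1", "203.0.113.5", "branch2015"),             # too short
    ("192.0.2.1", "*", "Sh4redAcrossAllSites!"),            # wild card identity
    ("192.0.2.1", "203.0.113.9", "q7Lr2Zx9TbV4mK8sYw3N"),  # key reused on a second tunnel
]
```

Calling `audit(SAMPLE)` returns the findings as `(local_ip, peer_identity, issue)` tuples; a key shared only by the two ends of one tunnel is not reported as reuse.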