IP Security - Virtual Private Network
CLI Configuration Guide
Alcatel-Lucent
Note:
It is recommended to use Diffie-Hellman PFS Group 5.
• group1: Use Diffie-Hellman Group 1: 768 bits
• group2: Use Diffie-Hellman Group 2: 1024 bits
• group5: Use Diffie-Hellman Group 5: 1536 bits
NETWORK ADDRESS TRANSLATION
NAT can occur before or after IPsec. NAT interferes with IPsec by blocking tunnel
establishment or traffic flow through the tunnel, because it changes the IP headers.
It is a best practice to avoid applying NAT and IPsec traffic on the same interface.
If they are applied on the same interface because it is absolutely necessary, an
appropriate NAT bypass must be configured.
Generally, NAT and IPsec are applied on the same (public) interface. From a
performance perspective, this is not a good combination. Hence the OA-700
allows you to use the bypass command to bypass all the NAT traffic and allow
only the IPsec traffic. This can be achieved in the following ways.
Note:
The match-list used in IPsec should be applied as a bypass rule in NAT, with a higher
priority than the match-list specifying the traffic for which NAT is intended.
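The ordering rule in the note above can be checked mechanically. The following is an added example, not part of the original guide and not OA-700 syntax: it uses a hypothetical rule model (`NatRule`, `audit_nat_bypass`) and assumes that a lower priority number is evaluated first.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class NatRule:
    priority: int   # assumption: lower number is evaluated first
    action: str     # "bypass" (leave untranslated) or "nat" (translate)
    src: str        # source prefix matched by the rule's match-list
    dst: str        # destination prefix matched by the rule's match-list

def _net(prefix):
    return ipaddress.ip_network(prefix)

def _covers(rule, src, dst):
    # The rule matches every packet of the IPsec selector.
    return _net(src).subnet_of(_net(rule.src)) and _net(dst).subnet_of(_net(rule.dst))

def _overlaps(rule, src, dst):
    # The rule matches at least some packets of the IPsec selector.
    return _net(rule.src).overlaps(_net(src)) and _net(rule.dst).overlaps(_net(dst))

def audit_nat_bypass(nat_rules, ipsec_selectors):
    """Return findings; an empty list means each IPsec selector hits a bypass rule before any NAT rule."""
    findings = []
    ordered = sorted(nat_rules, key=lambda r: r.priority)
    for src, dst in ipsec_selectors:
        bypass = next((r for r in ordered if r.action == "bypass" and _covers(r, src, dst)), None)
        if bypass is None:
            findings.append(f"{src} -> {dst}: no bypass rule covers the IPsec match-list")
            continue
        for r in ordered:
            if r.action == "nat" and r.priority < bypass.priority and _overlaps(r, src, dst):
                findings.append(f"{src} -> {dst}: NAT rule at priority {r.priority} "
                                f"precedes bypass at priority {bypass.priority}")
    return findings

# Constructed sample data: one tunnel protecting 10.1.0.0/16 -> 10.2.0.0/16.
SELECTORS = [("10.1.0.0/16", "10.2.0.0/16")]
MISORDERED = [NatRule(10, "nat", "10.1.0.0/16", "0.0.0.0/0"),
              NatRule(20, "bypass", "10.1.0.0/16", "10.2.0.0/16")]
CORRECT = [NatRule(5, "bypass", "10.1.0.0/16", "10.2.0.0/16"),
           NatRule(10, "nat", "10.1.0.0/16", "0.0.0.0/0")]

if __name__ == "__main__":
    for name, rules in (("misordered", MISORDERED), ("correct", CORRECT)):
        print(name, audit_nat_bypass(rules, SELECTORS) or "OK")
```

In the misordered set the broad NAT rule translates tunnel-bound packets before the bypass is consulted, so they no longer match the IPsec match-list.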
NETWORK ACCESS CONTROL
Filtering inbound traffic is recommended, to allow only IKE and ESP on the
particular interface from which the IPsec tunnels are initiated.
INTEROPERABILITY
Although IPsec is a documented standard, it still leaves room for interpretation.
In addition, Internet Drafts such as IKE mode-configuration and vendor-proprietary
features increase the likelihood of interoperability challenges. For these reasons,
check with the vendor of the products for interoperability information.