RUGGEDCOM ROX II CLI User Guide
Chapter 12: Tunneling and VPNs
Section 12.8
Managing IPsec Tunnels
IPsec (Internet Protocol SECurity) uses strong cryptography to provide authentication and encryption services.
Authentication ensures that packets are from the right sender and have not been altered in transit. Encryption
prevents unauthorized reading of packet contents.
These services allow secure tunnels to be built through untrusted networks. Everything passing through the
untrusted network is encrypted by the IPsec gateway and decrypted by the gateway at the other end. The result is
a Virtual Private Network (VPN), a network which is effectively private even though it includes machines at several
different sites connected by the insecure Internet.
For more information about IPsec tunnels, refer to Section 12.8.1, “IPsec Tunneling Concepts”.
IMPORTANT!
IPsec is time-sensitive. To ensure proper re-keying between network peers, the clocks on both peers
must be synchronized. It is strongly recommended that NTP (Network Time Protocol) be used on
both IPsec peers to synchronize their clocks. For more information about configuring NTP, refer to
Section 17.8, “Managing NTP Servers”.
CONTENTS
• Section 12.8.1, “IPsec Tunneling Concepts”
• Section 12.8.2, “Configuring IPsec Tunnels”
• Section 12.8.3, “Configuring Certificates and Keys”
• Section 12.8.4, “Viewing the IPsec Tunnel Status”
• Section 12.8.5, “Managing Pre-Shared Keys”
• Section 12.8.6, “Managing Connections”
• Section 12.8.7, “Managing the Internet Key Exchange (IKE) Protocol”
• Section 12.8.8, “Managing the Encapsulated Security Payload (ESP) Protocol”
• Section 12.8.9, “Configuring the Connection Ends”
• Section 12.8.10, “Managing Private Subnets”
• Section 12.8.11, “Example: Configuring an Encrypted VPN Tunnel”
Section 12.8.1
IPsec Tunneling Concepts
The IPsec suite of protocols was developed by the Internet Engineering Task Force (IETF) and was originally a
mandatory component of IP version 6. Libreswan is the open source implementation of IPsec used by RUGGEDCOM ROX II.
The protocols used by IPsec are the Encapsulating Security Payload (ESP) and Internet Key Exchange (IKE)
protocols. ESP provides encryption and authentication (ensuring that a message originated from the expected
sender and has not been altered en route). IKE negotiates connection parameters, including keys, for ESP. IKE is
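The ESP framing and integrity check described above, shown as an added example that is not ROX II, Libreswan or Siemens code: a minimal Python model of an ESP packet (RFC 4303) carrying a NULL-encrypted payload with HMAC-SHA-256-128 integrity, together with the receiver's 64-entry anti-replay window. The key, SPI and packet contents are constructed for illustration; NULL encryption is used only so the example runs with the standard library alone, whereas a real security association encrypts the payload with the cipher that IKE negotiated.

```python
"""Minimal ESP (RFC 4303) framing with NULL encryption and HMAC-SHA-256-128
integrity, plus the receiver's anti-replay window. Added example, not ROX II
or Libreswan code; the key, SPI and packet contents below are constructed."""
import hashlib
import hmac
import struct

ICV_LEN = 16          # HMAC-SHA-256-128: 256-bit MAC truncated to 128 bits (RFC 4868)
REPLAY_WINDOW = 64    # minimum anti-replay window size required by RFC 4303 sec. 3.4.3

# Constructed sample SA: a 32-byte integrity key and an SPI chosen for illustration.
SAMPLE_KEY = bytes(range(32))
SAMPLE_SPI = 0x0000C0DE


def esp_encapsulate(key: bytes, spi: int, seq: int, payload: bytes, next_header: int = 4) -> bytes:
    """Build an ESP packet: SPI | SEQ | payload | padding | pad_len | next_hdr | ICV.
    Encryption is NULL here (payload stays in clear) so that only the standard
    library is needed; a real SA would encrypt payload..next_hdr before the ICV."""
    # The trailer (pad_len + next_hdr) must end on a 4-byte boundary.
    pad_len = (-(len(payload) + 2)) % 4
    padding = bytes(range(1, pad_len + 1))      # RFC 4303 default pad pattern 1,2,3,...
    body = struct.pack("!II", spi, seq) + payload + padding + bytes([pad_len, next_header])
    icv = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    return body + icv


class EspReceiver:
    """Inbound SA state: verifies the ICV first, then applies the anti-replay window."""

    def __init__(self, key: bytes, spi: int):
        self.key = key
        self.spi = spi
        self.highest_seq = 0            # right edge of the window
        self.bitmap = 0                 # bit i set => seq (highest_seq - i) already seen

    def _replay_check_and_update(self, seq: int) -> bool:
        if seq == 0:
            return False                # sequence number 0 is never sent on the wire
        if seq > self.highest_seq:      # new right edge: slide the window forward
            shift = seq - self.highest_seq
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << REPLAY_WINDOW) - 1)
            self.highest_seq = seq
            return True
        offset = self.highest_seq - seq
        if offset >= REPLAY_WINDOW:     # too old: left of the window
            return False
        if self.bitmap & (1 << offset):  # already received: replay
            return False
        self.bitmap |= 1 << offset
        return True

    def esp_decapsulate(self, packet: bytes):
        """Return (next_header, payload), or None if the packet must be dropped.
        Integrity is checked before the replay window is updated, so a forged
        packet can never advance the window."""
        if len(packet) < 8 + 2 + ICV_LEN:
            return None
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            return None                 # authentication failure: altered or wrong key
        spi, seq = struct.unpack("!II", body[:8])
        if spi != self.spi:
            return None
        if not self._replay_check_and_update(seq):
            return None                 # replayed or stale sequence number
        pad_len, next_header = body[-2], body[-1]
        payload = body[8:len(body) - 2 - pad_len]
        return next_header, payload


def demo():
    """Legitimate packet accepted, its replay dropped, a tampered copy dropped."""
    rx = EspReceiver(SAMPLE_KEY, SAMPLE_SPI)
    pkt = esp_encapsulate(SAMPLE_KEY, SAMPLE_SPI, 1, b"inner IPv4 datagram")
    first = rx.esp_decapsulate(pkt)
    replay = rx.esp_decapsulate(pkt)
    tampered = bytearray(pkt)
    tampered[10] ^= 0x01                # flip one payload bit; the ICV no longer matches
    forged = rx.esp_decapsulate(bytes(tampered))
    return first, replay, forged


if __name__ == "__main__":
    print(demo())
```

The order of the checks in `esp_decapsulate` is the security-relevant point: the ICV is verified before the sequence number touches the replay window, so an attacker who cannot forge the ICV cannot use a stale or out-of-range sequence number to shift the window and cause legitimate packets to be dropped.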