Enterasys Networks CSX7000 Manuel d'utilisateur télécharger pdf (Page 232)

100

101

USER’S GUIDE

232 CyberSWITCH

CONFIGURING SECURITY ASSOCIATIONS AND AUTHENTICATION (IP SECURITY ONLY)

IP Security encryption configuration consists of the following elements:

• setting up security associations for Encapsulating Security Payload (ESP)

• optionally specifying keys for Authentication Headers (AH)

Security Associations are necessary for IP networks that plan to use an untrusted/unprotected

media, such as the Internet. Security Associations identify the IP addresses for which exchanged

datagrams must be encrypted. They also provide the parameters necessary to encrypt and decrypt

IP datagrams. By default, the CyberSWITCH has no Security Associations. Therefore, to enable

encryption, you must specify these associations.

When configuring two CyberSWITCH nodes, the security association information from one node

must parallel the information on the other node. The parameters for Transform Menu, Shared Secret

Key, and Security Parameter Index must be the same on both nodes in order for the nodes to

communicate.

Likewise, if you plan to authenticate packets prior to encryption/decryption, the authentication

key information from one node must parallel the information on the other node.

SING CFGEDIT

1. From the CFGEDIT Main Menu, select Options.

2. Select IP Routing. If IP routing is disabled, enable this now.

3. Select IP Security Associations.

4. Select Add. Respond to the following series of questions:

Security Association Packet Direction Menu:

1) Outgoing (packets from trusted local subnet to remote site)

2) Incoming (packets to trusted local subnet from remote site)

3) Both outgoing and incoming

ID of the Direction for this Security Association [default = 3] ?

Enter the Final Destination IP address in dotted decimal notation or <RET> to cancel?

197.1.0.0

Enter the number of significant bits for the Subnet Mask [default = 8 ]? 16

Enter the Source IP Address in dotted decimal notation or <RET> to cancel? 197.4.0.0

Enter the number of significant bits for the Subnet Mask [default = 8]? 16

Enter the Destination Gateway/Router IP Address in dotted decimal notation or <RET>

to cancel? 197.1.1.1

Security Association IV Length Menu:

1) 32 bits

2) 64 bits

ID of IV length to use: [default = 2]?

Enter the Shared Secret Encryption Key for this Security Association:

AAABBB1234567890

1 2 ... 227 228 229 230 231 232 233 234 235 236 237 ... 728 729

Commentaires sur ces manuels

Pas de commentaire

Enterasys Networks CSX7000 Manuel d'utilisateur Page 232

Commentaires sur ces manuels