Enterasys Networks CSX7000 User's Manual Page 236

USER’S GUIDE
236 CyberSWITCH
SECURITY PARAMETER INDEX (SPI)
A 32-bit number (eight hexadecimal digits) used to identify the security associations between
CyberSWITCH nodes. The SPI must be greater than or equal to 00000100hex. The SPI is transmitted
in the Encapsulating Security Payload (ESP) header and used by the peer CyberSWITCH node to
identify the necessary information to decrypt the ESP payload.
The following element applies to Link Layer Encryption only:
PROPRIETARY KEY EXCHANGE
When using Link Layer encryption, this feature supports an automated key exchange (for
Cabletron products only). If you enable this feature, you do not need to manually specify
encryption/decryption keys.
ENCRYPTION/DECRYPTION KEY
This key is used for PPP devices only, and must be 16 digits in length. You may use any
combination of hexadecimal digits in the key. The encryption key you configure on one side of the
connection (site “A”) must match the decryption key you configure on the other side of the
connection (site “B”).
ENCRYPTION BACKGROUND INFORMATION
IP NETWORK LAYER ENCRYPTION
IP Network Layer Encryption consists of:
  • an Encapsulating Security Payload (ESP) implementation
  • Authentication Headers (AH)
The CyberSWITCH provides IP Security by using either ESP or AH, or a combination of the two.
ESP IMPLEMENTATION
The IP Encryption feature provides a connection between two or more trusted subnets through the
Internet or any other IP network. IP datagrams transmitted from one trusted subnet to another
trusted subnet funnel through a CyberSWITCH node where they are encrypted and encapsulated.
The destination address on the encapsulated datagram is that of the CyberSWITCH node servicing
the other trusted subnet.
IP datagrams to these IP destination addresses are encrypted and encapsulated with an
Encapsulating Security Payload (ESP) header. The ESP header indicates a destination address of an
intermediate CyberSWITCH node which is responsible for decrypting and decapsulating these
packets before sending them on to their intended destination.
When the IP datagram reaches the destination CyberSWITCH node, the ESP header is removed,
the ESP payload is decrypted, and the original IP datagram is forwarded to its original destination.
The CyberSWITCH requires Security Associations to identify:
  • range of IP addresses (i.e., one for source subnet and one for destination subnet)
  • encryption parameters to be used to encrypt communications to those IP addresses
  • IP address of the peer CyberSWITCH responsible for decrypting the communications
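
The sketch below is an added example, not CyberSWITCH code: it models a Security Association table with the three items listed above plus the SPI, enforces the SPI rule from this page, and shows the sending-side selection by address range and the receiving-side lookup by SPI. It assumes the SPI occupies the first four bytes of the ESP header in network byte order, as in the IETF ESP specification; the function names, the single shared table, the addresses and the SPI values are constructed for illustration.

```python
import ipaddress
import struct
from dataclasses import dataclass

MIN_SPI = 0x00000100  # this guide requires SPI >= 00000100 hex

@dataclass(frozen=True)
class SecurityAssociation:
    spi: int
    src_net: ipaddress.IPv4Network   # trusted source subnet
    dst_net: ipaddress.IPv4Network   # trusted destination subnet
    peer: ipaddress.IPv4Address      # peer node that decrypts

def parse_spi(text):
    """Validate an SPI entered as exactly eight hexadecimal digits."""
    if len(text) != 8 or any(c not in "0123456789abcdefABCDEF" for c in text):
        raise ValueError("SPI must be eight hexadecimal digits")
    spi = int(text, 16)
    if spi < MIN_SPI:
        raise ValueError("SPI must be >= 00000100 hex")
    return spi

def make_sa(spi_hex, src, dst, peer):
    return SecurityAssociation(parse_spi(spi_hex), ipaddress.ip_network(src),
                               ipaddress.ip_network(dst), ipaddress.ip_address(peer))

def select_outbound(sas, src_ip, dst_ip):
    """Sending side: pick the SA whose address ranges cover the datagram."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for sa in sas:
        if s in sa.src_net and d in sa.dst_net:
            return sa
    return None  # no SA covers this datagram, so it is not encapsulated

def lookup_inbound(sas, esp_header):
    """Receiving side: read the SPI from the ESP header and find the SA."""
    if len(esp_header) < 4:
        raise ValueError("truncated ESP header")
    (spi,) = struct.unpack("!I", esp_header[:4])  # assumed: SPI is bytes 0-3
    return next((sa for sa in sas if sa.spi == spi), None)

# Constructed sample table (documentation address ranges, made-up SPIs).
SAS = [make_sa("00000100", "192.0.2.0/25", "198.51.100.0/24", "203.0.113.7"),
       make_sa("0000ABCD", "192.0.2.128/25", "198.51.100.0/24", "203.0.113.9")]
```

A lookup that returns None on the receiving side means no configured association matches the SPI, so there is no key material with which to decrypt the payload.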