search

Enterasys Networks CSX7000 Manuel d'utilisateur Page 239

  • Télécharger
  • Ajouter à mon manuel
  • Imprimer
  • Page
    / 729
  • Table des matières
  • MARQUE LIVRES
    • Noté. / 5. Basé sur avis des utilisateurs
Vue de la page 238
Central Site Remote Access Switch 239
C
ONFIGURING
E
NCRYPTION
Encryption Background Information
AUTOMATED KEY EXCHANGE
The CyberSWITCH’s automated key exchange uses a proprietary protocol defined for use with
Cabletron remote access products. This proprietary protocol exchanges information during ECP
(Encryption Control Protocol) negotiation to produce proper keys.
To use automated key exchange, the feature must be enabled for each device, and the DES/RSA
resource must be properly configured and installed on the CyberSWITCH.
When a PPP call to a particular device is initiated or received, the CyberSWITCH will attempt to
use ECP to negotiate encryption (if it is enabled for this device). If ECP negotiation succeeds, then
data transmitted over the PPP link will be encrypted using 56-bit session keys. The CyberSWITCH
will encrypt outgoing plain text using the encryption key, and decrypt incoming enciphered data
using the decryption key. If ECP negotiation fails, then the CyberSWITCH will bring down the call.
When encryption is enabled, an unsecure PPP session will not be allowed.
INTERACTION WITH OTHER FEATURES
IP FILTERS
You can use IP Filters to automatically discard or forward IP datagrams based on the contents of
various fields within the IP datagram. You can also use ESP Tunnel Mode to allow IP datagrams to
tunnel through IP filters. To assure the proper filtering, you must understand whether an IP filter
is applied to the encapsulated datagram or the unencapsulated datagram.
When an ESP datagram is simply passing through a node to be routed from a previous hop to the
next hop, any IP filters will be applied only to the encapsulated datagram. The original source and
destination, protocol, and any other information from the original datagram will not be used in any
filtering logic.
On the source gateway, the original datagram will tunnel through any output filters. However, on
the destination gateway, input filters will be applied first to the ESP and then to the original
datagram. The ESP datagram will be filtered by an output filter on the source gateway and an input
filter on the destination gateway. Global filters on both gateways apply to both the ESP and the
original datagram.
The following tables list which filters are applicable to the different datagrams:
Original Datagram Input filters Global filters Output filters
source gateway no yes no
intermediate node no no no
destination gateway yes yes no
ESP Datagram Input filters Global filters Output filters
source gateway no yes yes
intermediate node yes yes yes
destination gateway yes yes no
Vue de la page 238
1 2 ... 234 235 236 237 238 239 240 241 242 243 244 ... 728 729

Commentaires sur ces manuels

Pas de commentaire
  • SIG MiTAC VIGO System Smithco Brionvega
  • Carrier Foyers Hunter Purificateurs d'air Revox Amplificateur pour instrument de musique GoVideo Lecteurs de cassettes Mesa/Boogie Équipement musical supplémentaire
  • Toro Groundsmaster 5900 Palm III Organizer Roland DD-20 HP Pavilion 25bw 25-inch Diagonal IPS LED Backlit Monitor
  • Vauxhall Ampera Manuel de service Home Accents Holiday TY-S46-C Manuel d'instructions Ocean-optics S1000 Manuel de l'utilisateur KitchenAid 5KHB2571 Mode d'emploi Brother HL-4570CDWT Guide d'installation