
Configuring IPsec Services
1-12
308630-15.1 Rev 00
To set up these security associations, IKE itself must create a confidential, secure
connection between the sender and receiver. Authentication is accomplished using
one or more of the following:
• Preshared keys: These are set up ahead of time at each node in a transaction.
• Public key cryptography: Using the RSA public key algorithm, each member of a
transaction authenticates itself to the other using the other member’s public
key to encrypt an authentication value.
• Digital signature: Each member of a transaction sends a digital signature to
the other. The signatures are authenticated using the member’s public key,
obtained via an X.509 digital certificate.
Manual Security Associations
Manually configuring security associations is a more cumbersome and
labor-intensive process than using IKE. If possible, use IKE to make large-scale
secure communications practical.
Manually configured SAs often rely on static, symmetric keys on communicating
hosts or security gateways. Therefore, you must coordinate the configuration of
the keys that will protect your information within your organization and with
outside parties.
Security Associations for Bidirectional Traffic
An SA specifies the security services that are applied to data packets traveling in
one direction between security gateways. To secure the traffic in both directions,
the security gateway must have a Protect SA for data transmitted from the local
IPsec interface and an Unprotect SA for data received by the local IPsec interface
(Figure 1-4).
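The following Python model is an added illustration; it is not BayRS code and not taken from this manual. It shows why a gateway needs both a Protect SA (outbound) and an Unprotect SA (inbound) for two-way traffic, and why a manually keyed SA only works when both ends hold the same SPI and static symmetric key. The packet layout (4-byte SPI, 4-byte sequence number, payload, HMAC-SHA256 tag), the gateway names, keys and SPI values are all constructed for the example and are simplified relative to real AH/ESP processing.

```python
import hashlib
import hmac
from dataclasses import dataclass

ICV_LEN = 32  # full HMAC-SHA256 tag; real AH/ESP truncate the ICV, this model does not


@dataclass
class SecurityAssociation:
    """One unidirectional SA: an SPI, a static symmetric key and a sequence counter."""
    spi: int
    auth_key: bytes
    seq: int = 0  # last sequence number sent (Protect) or accepted (Unprotect)


class SecurityGateway:
    def __init__(self, name):
        self.name = name
        self.protect_sas = {}    # peer name -> outbound (Protect) SA
        self.unprotect_sas = {}  # SPI -> inbound (Unprotect) SA

    def add_protect_sa(self, peer, sa):
        self.protect_sas[peer] = sa

    def add_unprotect_sa(self, sa):
        self.unprotect_sas[sa.spi] = sa

    def send(self, peer, payload):
        """Apply the Protect SA for `peer`: prepend SPI + sequence number, append an HMAC."""
        sa = self.protect_sas.get(peer)
        if sa is None:
            raise LookupError(f"{self.name}: no Protect SA towards {peer}")
        sa.seq += 1
        header = sa.spi.to_bytes(4, "big") + sa.seq.to_bytes(4, "big")
        icv = hmac.new(sa.auth_key, header + payload, hashlib.sha256).digest()
        return header + payload + icv

    def receive(self, packet):
        """Find the Unprotect SA by SPI, verify the HMAC, then reject replayed sequence numbers."""
        if len(packet) < 8 + ICV_LEN:
            raise ValueError(f"{self.name}: packet too short")
        spi = int.from_bytes(packet[:4], "big")
        seq = int.from_bytes(packet[4:8], "big")
        sa = self.unprotect_sas.get(spi)
        if sa is None:
            raise LookupError(f"{self.name}: no Unprotect SA for SPI {spi:#x}")
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        expected = hmac.new(sa.auth_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(icv, expected):
            raise ValueError(f"{self.name}: integrity check failed on SPI {spi:#x}")
        if seq <= sa.seq:
            raise ValueError(f"{self.name}: replayed sequence number {seq}")
        sa.seq = seq
        return body[8:]


def demo():
    """Walk through one-way keying, then the full SA pair, then tamper and replay checks."""
    hq = SecurityGateway("hq")
    branch = SecurityGateway("branch")
    # Constructed sample keys and SPIs for the illustration only.
    key_hq_to_branch = bytes.fromhex("00112233445566778899aabbccddeeff")
    key_branch_to_hq = bytes.fromhex("ffeeddccbbaa99887766554433221100")

    # Step 1: only the hq -> branch direction is keyed (Protect at hq, Unprotect at branch).
    hq.add_protect_sa("branch", SecurityAssociation(0x1001, key_hq_to_branch))
    branch.add_unprotect_sa(SecurityAssociation(0x1001, key_hq_to_branch))
    forward_ok = branch.receive(hq.send("branch", b"ping")) == b"ping"
    try:
        branch.send("hq", b"pong")
        reverse_before_pair = True
    except LookupError:
        reverse_before_pair = False  # branch has no Protect SA towards hq yet

    # Step 2: install the reverse SA on both ends; now traffic flows both ways.
    branch.add_protect_sa("hq", SecurityAssociation(0x1002, key_branch_to_hq))
    hq.add_unprotect_sa(SecurityAssociation(0x1002, key_branch_to_hq))
    reverse_after_pair = hq.receive(branch.send("hq", b"pong")) == b"pong"

    # A modified payload fails the integrity check under the receiver's Unprotect SA.
    pkt = hq.send("branch", b"data")
    try:
        branch.receive(pkt[:8] + b"DATA" + pkt[12:])
        tamper_detected = False
    except ValueError:
        tamper_detected = True

    # Delivering the same valid packet twice trips the sequence-number check.
    branch.receive(pkt)
    try:
        branch.receive(pkt)
        replay_detected = False
    except ValueError:
        replay_detected = True

    return {"forward_ok": forward_ok, "reverse_before_pair": reverse_before_pair,
            "reverse_after_pair": reverse_after_pair, "tamper_detected": tamper_detected,
            "replay_detected": replay_detected}
```

Each SA carries exactly one direction, so `hq` keyed towards `branch` says nothing about the return path; the coordination burden the text describes for manual keying is visible in the demo, where every SPI and key has to be entered identically at both gateways.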
Note: The BayRS implementation of IKE uses preshared keys only.