Avaya Configuring Integrated IP Security Manual do Utilizador descarregar pdf (Página 32)

Configuring IP Security Services

2-8

304111-A Rev 00

Summarizing Security Policies and SAs

Table 2-1 and Table 2-2 provide a framework for understanding IPsec policies and

security associations (SAs).

In Table 2-1

, each row defines the policy specification for the policy named in the

first column. For example, the “blue” policy specifies two criteria -- IP source

address and IP destination address -- and the “drop” action.

The yellow and green policies specify a protect SA action. You create the SAs for

a policy immediately after you specify the policy using them (Table 2-2)

In Table 2-2

, the IP source and destination addresses for the SA are those of the

tunnel through which the traffic passes. Intermediate routers will protect “protect”

SA traffic until it reaches the IP destination address.

Table 2-1. Security Policy Specifications

Policy Name Protocol

IP Source

Address

IP Destination

Address Action

Blue IP address IP address Drop

Yellow IP subnet IP subnet Protect SA

Green Range of

IP addresses

Range of

IP addresses

Protect SA

Black Any IP address Bypass

Table 2-2. Security Association (SA) Configurations

Security Association SPI Cipher Integrity

Source

Address

Destination

Address Algorithm

Key

Length Key Algorithm Key

IP address IP address 270 DES 40 Hex value HMAC MD5 Hex value

IP address IP address 260 DES 50 Hex value MD5 Hex value

1 2 ... 27 28 29 30 31 32 33 34 35 36 37 ... 71 72

Sem comentários

Avaya Configuring Integrated IP Security Manual do Utilizador Página 32