Avaya Configuring Integrated IP Security Manual do Utilizador descarregar pdf (Página 47)

Configuring IPsec

304111-A Rev 00

3-11

Creating Security Associations

Security associations enable you to provide bidirectional protection for data

packets traveling between two routers. However, each SA establishes security for

data passing in a single direction.

An SA exists for any IPsec policy supported by a security gateway. Each policy

includes security information such as algorithms, or keys, that must be tracked. To

protect (encrypt or authenticate) data packets leaving the local IP interface, create

a protect SA and link it to an outbound policy.

To decrypt or authenticate incoming packets at the local IP interface, create an

unprotect SA. (The unprotect SA does not need to be linked to a policy.) Then, do

the same for the IP interface on the remote router.

The cipher and integrity algorithms and keys that you specify in SAs must be

identical on both ends of a connection. You must select either the cipher or the

integrity service or both within the protect and unprotect SA parameters. For

example, the cipher key in a protect SA on the local IP interface must match the

cipher key in the unprotect SA on the remote router IP interface.

Note:

SAs must be configured to encrypt, authenticate, or both. Site Manager

does not allow you to create an SA if both the Cipher Algorithm and the

Integrity Algorithm parameters are set to None.

1 2 ... 42 43 44 45 46 47 48 49 50 51 52 ... 71 72

Sem comentários

Avaya Configuring Integrated IP Security Manual do Utilizador Página 47