
Configuring IPsec Services
1-12
304111-B Rev 00
Manual Security Associations
Manually configuring security associations is a more cumbersome and
labor-intensive process than using IKE. If possible, IKE should be used to make
large-scale secure communications practical.
Manually configured SAs often rely on static, symmetric keys on communicating
hosts or security gateways. As such, you must coordinate within your organization
and with outside parties to configure keys that will protect your information.
Security Associations for Bidirectional Traffic
An SA specifies the security services that are applied to data packets traveling in
one direction between security gateways. To secure the traffic in both directions,
the security gateway must have a Protect SA for data transmitted from the local
IPsec interface and an Unprotect SA for data received by the local IPsec interface
(Figure 1-4).
Figure 1-4. Security Associations for Bidirectional Traffic
Under most circumstances, you will configure the Internet Key Exchange (IKE)
protocol to negotiate SAs between security gateways automatically. You can also
manually configure SAs.
[Figure 1-4 (IP0079A): two security gateways, 132.245.145.195 and 132.245.145.205, connected across a network.]
Security gateway 132.245.145.195
  Protect SA     Source: 132.245.145.195   Destination: 132.245.145.205
  Unprotect SA   Source: 132.245.145.205   Destination: 132.245.145.195
Security gateway 132.245.145.205
  Protect SA     Source: 132.245.145.205   Destination: 132.245.145.195
  Unprotect SA   Source: 132.245.145.195   Destination: 132.245.145.205
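The pairing rule in Figure 1-4 can be checked mechanically before manual SAs are entered on both gateways. The following is an added example, not part of the original manual or the router software; the `SA` record and `check_sas` function are hypothetical names, and only the addresses come from the figure.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SA:
    kind: str  # "protect" = sent from local interface, "unprotect" = received by it
    src: str
    dst: str

def check_sas(tables):
    """tables: {local IPsec interface address: [SA, ...]} for both gateways.
    Returns a list of problems; an empty list means both directions are covered."""
    problems = []
    for local, sas in tables.items():
        for kind in ("protect", "unprotect"):
            if not any(sa.kind == kind for sa in sas):
                problems.append(f"{local}: no {kind} SA configured")
        for sa in sas:
            # The local address is the source of a Protect SA and the
            # destination of an Unprotect SA.
            own = sa.src if sa.kind == "protect" else sa.dst
            peer = sa.dst if sa.kind == "protect" else sa.src
            if own != local:
                problems.append(f"{local}: {sa.kind} SA {sa.src} -> {sa.dst} "
                                "does not match the local interface")
                continue
            # The peer must hold the opposite SA for the same source and destination.
            other = "unprotect" if sa.kind == "protect" else "protect"
            if SA(other, sa.src, sa.dst) not in tables.get(peer, []):
                problems.append(f"{peer}: missing {other} SA for {sa.src} -> {sa.dst}")
    return problems

A, B = "132.245.145.195", "132.245.145.205"
# SA set shown in Figure 1-4.
FIGURE_1_4 = {
    A: [SA("protect", A, B), SA("unprotect", B, A)],
    B: [SA("protect", B, A), SA("unprotect", A, B)],
}
# Constructed misconfiguration: gateway B was given no Unprotect SA.
ONE_WAY = {
    A: [SA("protect", A, B), SA("unprotect", B, A)],
    B: [SA("protect", B, A)],
}

if __name__ == "__main__":
    for name, tables in (("Figure 1-4", FIGURE_1_4), ("one-way", ONE_WAY)):
        print(name, check_sas(tables) or "OK")
```

The check covers only the source and destination addresses shown in the figure; the keys that manually configured SAs rely on must still be coordinated between the two parties.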