How IPsec Works
IPsec works with the existing Internet infrastructure using encapsulation. It secures a packet of data by encrypting it before sending it over the Internet. On the receiving end, an
On each end of the link (systems at both ends comprise a security association), IPsec is configured with the same key set and manual key information. The key set allows each system in the security association to encrypt, decrypt, or authenticate each other’s data.
The security protection can be selectively applied to various types of data traffic based on protocols, IP addresses, network addresses, applications (via TCP/UDP port addresses), and network interfaces.
Policies
IPsec policies allow you to protect various types of traffic based on protocols, IP addresses, network addresses, network interfaces, and applications (via port addresses).
Encapsulation Security
ESP is used to provide data confidentiality via encryption using the
header between the IP header and the payload. For inbound traffic, it decrypts the IP payload and removes the ESP header.
DES and RC5 encryption algorithms are supported in the xE packages. 3DES2key is supported only in xS packages.
DES is the Cipher Block Chaining (CBC) mode of the US Data Encryption Standard (DES). It requires an
RC5 is a cipher block chain encryption algorithm that may provide slightly faster performance than DES. RC5 requires a minimum of 5 bytes for the encryption key. The key may be as long as 7 bytes in xE packages, and as long as 16 bytes in xS packages.
3DES2key is a
Key lengths are enforced when they are entered. Warning or error messages inform you when the entered key does not meet the requirements.
Entered keys longer than the supported maximum length for the chosen crypto algorithm and the package are truncated as necessary.
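The RC5 length rules above have an operational consequence when one manual key is entered on both ends of a security association: the key each device actually uses depends on its package. The following is an added example, not code from the product or its documentation. The function names are hypothetical, the limits are the RC5 figures stated above, and it assumes truncation keeps the leading bytes of the entered key, which the text does not specify.

```python
# Added example: RC5 key-length rules as stated on this page.
# Assumption: truncation keeps the leading bytes of the entered key.
RC5_MIN_BYTES = 5
RC5_MAX_BYTES = {"xE": 7, "xS": 16}


def effective_rc5_key(entered: bytes, package: str):
    """Return (key the device would use, list of warnings)."""
    if package not in RC5_MAX_BYTES:
        raise ValueError(f"unknown package {package!r}")
    if len(entered) < RC5_MIN_BYTES:
        raise ValueError(
            f"RC5 key is {len(entered)} bytes; minimum is {RC5_MIN_BYTES}")
    limit = RC5_MAX_BYTES[package]
    warnings = []
    if len(entered) > limit:
        warnings.append(
            f"{package}: key truncated from {len(entered)} to {limit} bytes "
            f"({limit * 8} bits effective)")
    return entered[:limit], warnings


def check_association(entered: bytes, pkg_a: str, pkg_b: str):
    """Audit one manual key entered on both ends of a security association."""
    key_a, warn_a = effective_rc5_key(entered, pkg_a)
    key_b, warn_b = effective_rc5_key(entered, pkg_b)
    findings = warn_a + warn_b
    if key_a != key_b:
        # Both ends must hold the same key set; differing effective keys
        # mean the two systems no longer share one.
        findings.append(
            f"effective keys differ ({len(key_a)} vs {len(key_b)} bytes): "
            "the two ends no longer share the same key")
    return findings


if __name__ == "__main__":
    sample = bytes(range(16))  # constructed 16-byte key, not a real secret
    for finding in check_association(sample, "xE", "xS"):
        print(finding)
```

DES and 3DES2key are left out because their length requirements are not given in the text above.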