3Com 11.1 manual Configuring Ipsec


CHAPTER 17: CONFIGURING IPSEC

DES-CBC CANNOT be exported without a legal export license. See the release notes for your software for export restrictions.

ESP can be applied alone or with authentication headers.

Authentication Header (AH)

AH is used to provide data integrity and data origin authentication and to provide protection against replays using the HMAC-MD5 or HMAC-SHA1 crypto algorithm. For outbound traffic, AH computes ICV (integrity checksum value) and inserts an authentication header between the IP header and the higher layer protocol header. For inbound traffic, AH verifies the ICV and removes the AH. AH can be applied alone or with ESP.

Both HMAC-MD5 and HMAC-SHA1 are standards-based hash algorithms. In general, HMAC-SHA1 requires more computation and is considered to be more secure but slower.
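The outbound and inbound AH processing described above, as an added Python example that is not part of the 3Com manual or the NETBuilder software. It assumes a 20-byte IPv4 header without options, the AH layout of RFC 2402 with the ICV truncated to 96 bits, and a simplified replay check; the function names, key, SPI and sample packet are constructed for illustration.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12            # HMAC-MD5-96 / HMAC-SHA1-96: first 96 bits of the digest
AH_LEN = 12 + ICV_LEN   # fixed AH fields + ICV
PROTO_AH = 51           # IP protocol number for AH

def _immutable(ip_hdr):
    """IPv4 header with the fields routers rewrite in transit zeroed."""
    h = bytearray(ip_hdr)
    h[1] = h[8] = 0                   # TOS, TTL
    h[6:8] = h[10:12] = b"\x00\x00"   # flags/fragment offset, header checksum
    return bytes(h)

def _icv(key, digest, ip_hdr, ah_fixed, payload):
    # The ICV field itself is treated as zero while the ICV is computed.
    msg = _immutable(ip_hdr) + ah_fixed + bytes(ICV_LEN) + payload
    return hmac.new(key, msg, digest).digest()[:ICV_LEN]

def ah_outbound(ip_hdr, payload, key, spi, seq, digest=hashlib.sha1):
    """Insert an AH between a 20-byte IPv4 header and the higher-layer data."""
    hdr = bytearray(ip_hdr)
    next_hdr, hdr[9] = hdr[9], PROTO_AH
    struct.pack_into("!H", hdr, 2, 20 + AH_LEN + len(payload))
    ah_fixed = struct.pack("!BBHII", next_hdr, AH_LEN // 4 - 2, 0, spi, seq)
    return bytes(hdr) + ah_fixed + _icv(key, digest, bytes(hdr), ah_fixed, payload) + payload

def ah_inbound(packet, key, last_seq, digest=hashlib.sha1):
    """Verify ICV and sequence number, remove the AH; return (ip_hdr, payload, seq)."""
    ip_hdr, ah, payload = packet[:20], packet[20:20 + AH_LEN], packet[20 + AH_LEN:]
    next_hdr, _, _, _, seq = struct.unpack("!BBHII", ah[:12])
    if not hmac.compare_digest(_icv(key, digest, ip_hdr, ah[:12], payload), ah[12:]):
        raise ValueError("ICV mismatch")
    if seq <= last_seq:   # simplified replay check; real receivers keep a sliding window
        raise ValueError("replayed sequence number")
    hdr = bytearray(ip_hdr)
    hdr[9] = next_hdr
    struct.pack_into("!H", hdr, 2, 20 + len(payload))
    return bytes(hdr), payload, seq

# Constructed sample: IPv4/UDP header (checksum left 0) between documentation addresses.
PAYLOAD = b"constructed upper-layer data"
IP_HDR = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(PAYLOAD), 0x1234, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
KEY = b"constructed-manual-key"

if __name__ == "__main__":
    pkt = bytearray(ah_outbound(IP_HDR, PAYLOAD, KEY, spi=0x100, seq=1))
    pkt[8] -= 1                                   # a router decrements TTL
    print(ah_inbound(bytes(pkt), KEY, last_seq=0))
```

Pass digest=hashlib.md5 to both functions for HMAC-MD5. The IPv4 header checksum is not recomputed here because it is excluded from the ICV.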
