3Com 11.1 manual Ipsec Service Parameters, CONFiguration, CONTrol, KeyEncryptionKey


33 IPSEC SERVICE PARAMETERS

11.1Release Notes, Reference for NETBuilder Family Software

Replace Chapter 33 with this chapter.

This chapter describes the IPSEC Service parameters. Table 1 lists the IPSEC Service parameters and commands.

Table 1 IPSEC Service Parameters and Commands

Parameters          Commands
CONFiguration       SHow
CONTrol             SETDefault, SHow
KeyEncryptionKey    SETDefault, SHow
KeySet              ADD, DELete, SHow
ManualKeyInfo       ADD, DELete, SHow
manualPOLicy        ADD, DELete, SHow

CONFiguration

Syntax: SHow -IPSEC CONFiguration

Default: No default

Description: The CONFiguration parameter displays all the currently configured IPSEC policies and key sets.

CONTrol

Syntax: SETDefault [!<portlist>] -IPSEC CONTrol = [Enable | Disable]

SHow [!<portlist>] -IPSEC CONTrol

Default: Disable

Description: The CONTrol parameter enables or disables IPSEC policy checking on a list of ports. You should only enable IPSEC policy checking on ports that need IPSEC protection. Enabling IPSEC policy checking can decrease the performance of your bridge/router.

KeyEncryptionKey

Syntax: SETDefault -IPSEC KeyEncryptionKey = "<encrypt_key>%<encrypt_key>"

SHow -IPSEC KeyEncryptionKey
