[Figure: ESP packet format, showing the fields SPI, Sequence Number, IV, Data, Pad, Pad Length, Next Header, and Authentication Data]

E.2.1.3 Security Associations (SA)

A Security Association is a one-way relationship between a sender and a receiver that specifies IPSec-related parameters. SAs provide data protection by using the defined IPSec protocols, and allow organizations to control, according to the security policy in effect, which resources may communicate securely.

An SA is identified by 3 parameters:

- Security Parameters Index (SPI), a locally unique value

- Destination IP Address

- Security Protocol (AH or ESP, but not both)

There are several other parameters associated with an SA that are stored in a Security Association database.
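
The lookup described above, as an added example that is not part of the original manual: a toy Security Association database keyed by (SPI, destination IP, protocol), queried with constructed IPv4 packets. The class name, the `params` dictionary and the documentation-range addresses are assumptions made for illustration.

```python
import ipaddress
import struct

ESP, AH = 50, 51  # IP protocol numbers assigned to ESP and AH

class SecurityAssociationDatabase:
    """Toy SAD keyed by the triple (SPI, destination IP, security protocol)."""

    def __init__(self):
        self._sas = {}

    def add(self, spi, dst, proto, params):
        if proto not in (ESP, AH):
            raise ValueError("an SA is bound to AH or ESP, never both")
        key = (spi, ipaddress.IPv4Address(dst), proto)
        if key in self._sas:
            raise ValueError("SPI already in use for this destination and protocol")
        self._sas[key] = params  # the other per-SA parameters (hypothetical dict)

    def lookup(self, packet):
        """Return the SA parameters for an IPv4 AH/ESP packet, or None."""
        if len(packet) < 20 or packet[0] >> 4 != 4:
            return None
        ihl = (packet[0] & 0x0F) * 4   # IPv4 header length in bytes
        proto = packet[9]
        dst = ipaddress.IPv4Address(packet[16:20])
        if proto == ESP:
            off = ihl                  # the ESP header starts with the SPI
        elif proto == AH:
            off = ihl + 4              # AH: next header, length, reserved, then SPI
        else:
            return None
        if len(packet) < off + 4:
            return None                # truncated packet: no SPI to read
        (spi,) = struct.unpack_from("!I", packet, off)
        return self._sas.get((spi, dst, proto))

def build_packet(src, dst, proto, spi, seq=1):
    """Constructed sample: minimal IPv4 header plus the start of an AH/ESP header."""
    body = struct.pack("!II", spi, seq)
    if proto == AH:
        body = struct.pack("!BBH", 4, 1, 0) + body
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return ip + body

if __name__ == "__main__":
    sad = SecurityAssociationDatabase()
    sad.add(0x1001, "203.0.113.2", ESP, {"direction": "A->B"})
    print(sad.lookup(build_packet("198.51.100.1", "203.0.113.2", ESP, 0x1001)))
    print(sad.lookup(build_packet("203.0.113.2", "198.51.100.1", ESP, 0x1001)))
```

Because an SA is one-way, the reply direction finds nothing until a second SA is added for it, and the same SPI carried in AH does not match an ESP SA.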

E.2.2 IPSec Modes

To exchange data between different types of VPNs, IPSec provides two major modes:

- Tunnel Mode

This mode is used for host-to-host security. Protection extends to the payload of IP data, and the IP addresses of the hosts must be public IP addresses.

Billion Electric Company BiGuard 50G user manual Security Associations SA, IPSec Modes