USER’S GUIDE

Device PPP Encryption

Menu

 

1)

Decryption/Encryption

DISABLED

2)

Proprietary Key

Exchange

DISABLED

3)Decryption key

4)Encryption key

Id of parameter to change or <RET> to cancel:

7.Enable the Decryption/Encryption feature. (This selection is a toggle switch).

8.Configure encryption key implementation:

If you plan to use the CyberSWITCH’s automated key exchange, enable Proprietary Key Ex- change. (This selection is a toggle switch.) Then skip to step 11.

If you plan to use manually-configured keys, verify that Proprietary Key Exchange is dis- abled, and continue with step 9.

9.Specify an 8-byte (16-hex digits) decryption key. This value is an arbitrary value; however, it must be the same as the encryption key on the other side of the connection.

10.Specify an 8-byte (16-hex digits) encryption key. This value is an arbitrary value; however, it must be the same as the decryption key on the other side of the connection.

11.Press<RET> to return to the Device Table Menu.

Note: You may use the same value for both your encryption and decryption keys at a single site. However, we recommend different values for these keys to provide the utmost security.

Refer to the Background Information section for a pertinent example of Link Layer Encryption.

USING MANAGE MODE

Not supported.

ENCRYPTION CONFIGURATION ELEMENTS

RESOURCE TYPE

The type of adapter (resource) that plugs into the system. In this specific case, you need to specify the DES/RSA encryption adapter. This adapter is available to U.S. and Canadian markets only. Export or use in other countries requires appropriate permission from the U.S. Government.

The DES/RSA adapter implements the Data Encryption Standard algorithm for encryption purposes, and also includes an RSA chip. (Refer to the System Adapters appendix for adapter illustrations.)

RESOURCE SLOT

The slot number in the CyberSWITCH into which the resource is plugged. (Do not use slot 1).

The following elements apply to Network Layer Encryption only:

SECURITY ASSOCIATION PACKET DIRECTION

Specifies whether the security associations refer to outgoing packets, incoming packets, or both. The default is both. For utmost security, you may want to consider configuring separate security

234 CyberSWITCH

Page 233 Page 235
Page 234
Image 234
Enterasys Networks CSX5500, CSX6000, CSX7000 manual Encryption Configuration Elements
Page 233 Page 235
Top Page Image Contents