Enterasys Networks CSX6000, CSX5500, CSX7000 manual Link Layer Encryption, Isdn

USER’S GUIDE

On the CyberSWITCH, AH is added to a packet after ESP application. When a remote node receives the encrypted packet, it first processes the authentication information in the AH. If the AH information is valid, the node proceeds to decrypt the packet. If authentication fails, the packet is dropped.

LINK LAYER ENCRYPTION

Link layer encryption is available for WAN services using PPP (data-link layer) protocol. It accommodates network layer protocols such as IP, IPX and AppleTalk protocols, and can also be used for bridged data. Link layer encryption may use the DES algorithm along with configured encryption keys, or it may use an automated key exchange. Link layer encryption (using either the manual keys or the automated key exchange) is set up on a per-device basis. Device-level authentication is required when using Link Layer encryption.

LINK LAYER ENCRYPTION: MANUALLY-CONFIGURED KEYS

When using manually-configured keys, each device needs to have two keys - one for encrypting outgoing data, and one for decrypting incoming data. These manually-configured keys need to match the keys configured on the remote node. That is, the CyberSWITCH’s encryption key needs to match the remote node’s decryption key, and vice versa.

The following graphic illustrates a CyberSWITCH encryption network using manually-configured keys. The nodes are communicating via Point-to-Point Protocol over various types of WAN links:

•dedicated lines

•ISDN

•Frame Relay

The CyberSWITCH will provide privacy for all communications across each of the WAN links by encrypting data using DES. Communications on the LAN will be in the clear.

CSX5500

"Larry"

238 CyberSWITCH