Contents
June 2004 © 2004 Foundry Networks, Inc. ix
GENERIC ROUTING ENCAPSULATION (GRE) .......... 14-7
CHAPTER 15 SECURITY FEATURES .......... 15-1
INTRODUCTION TO SECURITY .......... 15-1
ENABLING SECURITY FEATURES .......... 15-1
SECURING REMOTE ACCESS USING IPSEC VPN .......... 15-2
ACCESS METHODS .......... 15-2
EXAMPLE 1: SECURELY MANAGING THE FOUNDRY AR1204 OVER AN IPSEC TUNNEL .......... 15-3
EXAMPLE 2: JOINING TWO PRIVATE NETWORKS WITH AN IP SECURITY TUNNEL .......... 15-10
EXAMPLE 3: JOINING TWO NETWORKS WITH AN IPSEC TUNNEL USING MULTIPLE IPSEC PROPOSALS .......... 15-19
EXAMPLE 4: SUPPORTING REMOTE USER ACCESS .......... 15-28
EXAMPLE 5: CONFIGURING IPSEC REMOTE ACCESS TO CORPORATE LAN WITH MODE-CONFIGURATION METHOD .......... 15-37
CONFIGURING GRE .......... 15-45
FIREWALLS .......... 15-50
FIREWALL CONFIGURATION EXAMPLES .......... 15-50
STOPPING DOS ATTACKS .......... 15-56
PACKET REASSEMBLY .......... 15-57
NAT CONFIGURATIONS .......... 15-57
NAT CONFIGURATION EXAMPLES .......... 15-58
SECURITY PROTOCOL DEFAULTS .......... 15-61
IPSEC SUPPORTED PROTOCOLS AND ALGORITHMS .......... 15-61
FOUNDRY IKE AND IPSEC DEFAULTS .......... 15-62
FIREWALL DEFAULT VALUES .......... 15-63
TUNNELING DEFAULT VALUES .......... 15-65