
Table 20 IPSec RFCs
RFC | Description |
RFC 2406 | IP Encapsulating Security Payload (ESP). Supports algorithms: 3DES, DES, and Blowfish for encryption and MD5 for authentication. |
RFC 2407 | The Internet IP Security Domain of Interpretation for ISAKMP |
RFC 2408 | Internet Security Association and Key Management Protocol (ISAKMP) |
RFC 2409 | The Internet Key Exchange (IKE) |
RFC 2411 | IP Security Document Roadmap |
RFC 2412 | The OAKLEY Key Determination Protocol |
RFC 2451 | ESP |

The IPSec configuration in Network Voyager is based on three IPSec objects: proposals, filters, and policies.
The security applied to a defined class of traffic is specified by a list of proposals ordered by priority. The list is offered to the remote peer beginning with the proposal that has the lowest priority value.
Proposals and filters can be reused in different policies. A policy also defines the authentication method (Preshared Keys or X.509 Certificates) and lifetime attributes.
Miscellaneous Tunnel Requirements
IPSec tunnels are defined by local and remote tunnel addresses. A tunnel requires a policy that defines which traffic the tunnel encapsulates and what security to use in the encapsulation. Traffic that matches the filters associated with the policy is encapsulated using the tunnel addresses. Policies can also be reused in different tunnels. An IPSec tunnel cannot function without an associated policy.
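The relationship between proposals, filters, policies, and tunnels described above can be sketched as a small model. This is an added example, not code from the guide or from IPSO: the class names, fields, first-match tunnel selection, and sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
# Hypothetical object model for illustration; not Voyager or IPSO APIs.
@dataclass(frozen=True)
class Proposal:
    name: str
    encryption: str        # e.g. "3DES", "DES", "Blowfish"
    authentication: str    # e.g. "MD5"

@dataclass(frozen=True)
class Filter:
    src: str               # source network in CIDR form
    dst: str               # destination network in CIDR form
    def matches(self, src_ip, dst_ip):
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst))

@dataclass
class Policy:
    name: str
    proposals: list        # (priority value, Proposal) pairs
    filters: list          # Filter objects, reusable across policies
    def offer_order(self):
        # The list is offered to the peer starting at the lowest priority value.
        return [p.name for _, p in sorted(self.proposals, key=lambda x: x[0])]

@dataclass
class Tunnel:
    local: str
    remote: str
    policy: Policy = None  # a tunnel without a policy cannot function

def encapsulating_tunnel(tunnels, src_ip, dst_ip):
    """Return the first tunnel whose policy has a filter matching the flow."""
    for t in tunnels:
        if t.policy and any(f.matches(src_ip, dst_ip) for f in t.policy.filters):
            return t
    return None            # no filter matched: the flow is not encapsulated

def unusable_tunnels(tunnels):
    """List (local, remote) address pairs of tunnels that lack a policy."""
    return [(t.local, t.remote) for t in tunnels if t.policy is None]

# Constructed sample configuration (RFC 5737 documentation addresses).
strong = Proposal("esp-3des-md5", "3DES", "MD5")
legacy = Proposal("esp-des-md5", "DES", "MD5")
branch = Filter("192.0.2.0/24", "198.51.100.0/24")
site = Policy("site-to-site", [(20, legacy), (10, strong)], [branch])
TUNNELS = [Tunnel("203.0.113.1", "203.0.113.2", site),
           Tunnel("203.0.113.1", "203.0.113.9")]  # policy missing
```

Running `unusable_tunnels(TUNNELS)` over an exported configuration is a quick way to spot tunnels that were defined but never bound to a policy.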
Nokia Network Voyager for IPSO 4.0 Reference Guide | 333 |