
Chapter 4
Configuration via the Command Line Interface
4.1 Basic IPSec configuration procedure
Terminology The SpeedTouch™ uses specific IPSec terms and definitions. The following table relates these terms to the question to be solved when setting up an IPSec connection to a remote network
What do we want to do? | How do we configure it in the |
| SpeedTouch™? |
|
|
Define the remote Security Gateway to | Define a Peer. |
which we want to set up an IKE |
|
session. |
|
|
|
Set how we will authenticate with this | Define an Authentication Attribute. |
remote Security Gateway. |
|
|
|
Set what security will be applied to the | Define a Peer Security Descriptor. |
IKE session. |
|
|
|
Define the characteristics of the IPSec | Define a Connection. |
connection. |
|
|
|
Define which remote private network | Define a Network Descriptor. |
we want to access. |
|
|
|
Set what security will be applied to the | Define a Connection Security |
IPSec connection. | Descriptor. |
|
|
Setting up a basic IPSec configuration with the SpeedTouch™ involves the creation of a Peer entity and an IPSec Connection.
A Peer bundles all the parameters related to the IKE Security Association (also called Phase 1 SA). Some Phase 1 parameters are grouped in peer attributes, which are referred to by their symbolic name. Two peer attributes are defined:
the Authentication Attribute refers to the user authentication parameters required to set up the IKE Security Association
the Peer Security Descriptor groups the security parameters of the IKE Security Association.
It is required to create some valid peer attributes prior to the creation of an operational peer.
A Connection bundles all the parameters related to a
The Phase 2 security parameters are bundled in a Connection Security
Descriptor.
A Network Descriptor describes the remote private network that is accessible via the IPSec connection.
A valid Connection contains a reference to both descriptors. Therefore some valid descriptors should be present in the SpeedTouch™ prior to the creation of an operational peer.
102 | |
|