Chapter 2
SpeedTouch™ IPSec terminology
2.1 Policy
What is ...
Security is all about traffic policies, and these can be configured using the IPSec policy commands. By default, policy rules are generated automatically when the IPSec connection is created, so the user does not need to execute extra commands.
A set of rules defines whether a packet has to pass through a secure tunnel or not. These rules are expressed in terms of the IP addresses, protocols and/or ports that have access to the secure connections. The user specifies and configures a general policy according to his overall security policy and the VPN network topology.
Static policy
In a static network environment with fixed IP addresses, the policy can be completely defined, and specific rules can be expressed in the configuration.
Dynamic policy
In a more dynamic network environment, where IP addresses are dynamically assigned or where terminals may connect from various unknown locations, it may be impossible to express a specific policy in the router configuration. To cope with this situation, the SpeedTouch™ allows a general policy to be expressed in the configuration. This general policy may include placeholders for information that becomes available only during the Security Association negotiations. The specific policy rules are automatically derived from the general policy and the outcome of the negotiations.
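The general-policy-with-placeholders idea described above, as an added illustration (not SpeedTouch™ code or CLI syntax): a rule whose remote subnet is a placeholder stays inactive until the Security Association negotiation supplies the value, after which the specific rule is derived and used to decide whether a packet is tunnelled. Rule fields, the `$remote_net` placeholder and the bypass default for unmatched packets are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed example. A general policy may contain "$name" placeholders for
# values that are only known once the SA negotiation has completed.
@dataclass(frozen=True)
class Rule:
    src: str      # CIDR, or "$placeholder"
    dst: str      # CIDR, or "$placeholder"
    proto: str    # "any", "tcp", "udp", ...
    dport: str    # "any" or a port number as a string
    action: str   # "tunnel" or "bypass"

def resolve(value, negotiated):
    """Return the concrete value, or None if the placeholder is not negotiated yet."""
    if value.startswith("$"):
        return negotiated.get(value[1:])
    return value

def specialise(rules, negotiated):
    """Derive the specific policy from the general one plus negotiation outcome."""
    specific = []
    for r in rules:
        src, dst = resolve(r.src, negotiated), resolve(r.dst, negotiated)
        if src is None or dst is None:
            continue  # placeholder unresolved: this rule is not active yet
        specific.append(Rule(src, dst, r.proto, r.dport, r.action))
    return specific

def _match(rule, src_ip, dst_ip, proto, dport):
    return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(rule.dst)
            and rule.proto in ("any", proto)
            and rule.dport in ("any", str(dport)))

def classify(rules, src_ip, dst_ip, proto, dport):
    """First matching rule wins; unmatched traffic bypasses IPSec (assumed default)."""
    for r in rules:
        if _match(r, src_ip, dst_ip, proto, dport):
            return r.action
    return "bypass"

# General policy: LAN traffic to whatever subnet the peer negotiates is tunnelled.
GENERAL_POLICY = [Rule("192.168.1.0/24", "$remote_net", "any", "any", "tunnel")]

def demo():
    pkt = ("192.168.1.10", "10.0.0.5", "tcp", 443)
    before = classify(specialise(GENERAL_POLICY, {}), *pkt)
    negotiated = {"remote_net": "10.0.0.0/24"}  # learned during the SA negotiation
    after = classify(specialise(GENERAL_POLICY, negotiated), *pkt)
    return before, after
```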