SIEMENS 5890 DSL Router

Chapter 6 Security Setup

User’s Guide

IKE/IPSec Configuration

 

 

IKE IPSec Proposals Definition

IKE IPSec Proposals specify how packets will be encrypted/authenticated for the final SA. IPSec uses SAs (Security Associations) for making connections between two devices. An SA is an instance of a security policy and keying material applied to a data flow. SAs are negotiated between the two connection endpoints and contain information on sequence numbering.

An IPSec SA is unidirectional, applying to only one direction of data flow, so a set of SAs is needed for a secure connection. For each security protocol used, one SA is needed for each direction (inbound and outbound).

An IPSec connection uses a security protocol (AH or ESP) that authenticates the sender of each data packet. Usually, only one security protocol is used for a connection, so the connection would use two SAs (one inbound and one outbound). However, it is possible for the same connection to be configured to use both the ESP and the AH protocol. In this case, four SAs would be required (one inbound and one outbound for the AH protocol, and one inbound and one outbound for the ESP protocol.

To define a new IKE IPSec proposal:

1.Click Create next to IKE IPSec Proposals from the Advanced IKE/IPSec Setup page. This displays the IKE IPSec Proposal Definition page.

2.In IPSec Proposal Name, enter the logical name for the IKE IPSec Proposal Definition. This name is of no importance to the remote IKE peer.

SIEMENS

84

Page 90
Image 90
Siemens 5890 manual IKE IPSec Proposals Definition