Table of Contents
Advertisement
Chapter 2
SpeedTouch™ IPSec terminology
What is ...
Static policy
Dynamic policy
16
2.1 Policy
Security is all about traffic policies and these can be configured using the IPSec
policy commands. By default, policy rules are automatically generated when the
IPSec connection is created and the user does not need to execute extra commands.
A set of rules defines whether a packet has to pass through a secure tunnel or not.
These rules are expressed in terms of IP addresses, protocols and/or ports that have
access to the secure connections. The user specifies and configures a general policy
in function of his overall security policy and the VPN network topology.
In a static network environment with fixed IP addresses, the policy can be
completely defined, and specific rules can be expressed in the configuration.
In a more dynamic network environment, where IP addresses are dynamically
assigned, or where terminals may connect from various unknown locations, it may
be impossible to express a specific policy in the router configuration. In order to
cope with this situation, the SpeedTouch™ allows expressing a general policy in the
configuration. This general policy may include some placeholders for information
that becomes available only during the Security Association negotiations. The
specific policy rules are automatically derived from the general policy and the
outcome of the negotiations.
E-DOC-CTC-20051017-0169 v1.0
Advertisement
Table of Contents
