Table of Contents
Advertisement
SIEMENS 5890 DSL Router
User's Guide
IKE IPSec Proposals Definition
IKE IPSec Proposals specify how packets will be encrypted/authenticated for the final SA. IPSec uses SAs
(Security Associations) for making connections between two devices. An SA is an instance of a security policy
and keying material applied to a data flow. SAs are negotiated between the two connection endpoints and
contain information on sequence numbering.
An IPSec SA is unidirectional, applying to only one direction of data flow, so a set of SAs is needed for a
secure connection. For each security protocol used, one SA is needed for each direction (inbound and
outbound).
An IPSec connection uses a security protocol (AH or ESP) that authenticates the sender of each data packet.
Usually, only one security protocol is used for a connection, so the connection would use two SAs (one
inbound and one outbound). However, it is possible for the same connection to be configured to use both the
ESP and the AH protocol. In this case, four SAs would be required (one inbound and one outbound for the AH
protocol, and one inbound and one outbound for the ESP protocol.
To define a new IKE IPSec proposal:
1. Click Create next to IKE IPSec Proposals from the Advanced IKE/IPSec Setup page. This displays the IKE
IPSec Proposal Definition page.
2. In IPSec Proposal Name, enter the logical name for the IKE IPSec Proposal Definition. This name is of no
importance to the remote IKE peer.
SIEMENS
Chapter 6 Security Setup
IKE/IPSec Configuration
84
Advertisement
Table of Contents
