IPsec VPN Fundamentals - Nortel Secure 4134 Configuration

Security — configuration and management

IPsec VPN fundamentals

Internet Protocol (IP) packets have no inherent security. It is relatively easy to forge the addresses of IP packets, modify the contents of IP packets, replay old packets, or inspect the contents of IP packets in transit.

IP Security (IPsec) is a protocol suite designed to provide protection for IP packets. IPsec offers the following protective services for IP packets:

• Authentication (of data origin)
• Data Integrity
• Confidentiality (of data content)
• Access control
• Replay protection

IPsec can protect packets between hosts, between security gateways (for example, routers or firewalls), or between hosts and security gateways.

IPsec uses symmetric ciphers (encryption algorithms such as DES, 3DES, and AES) to provide confidentiality services and keyed MACs (hash algorithms such as MD5 and SHA1) to provide data integrity services. Both the encryption and hash algorithms require shared keys between the end points of the secure communication.

The shared keys for the symmetric cryptographic algorithms used by IPsec can be manually configured, but this is not easily managed for multiple IPsec connections. To provide a scalable solution, a standard key management method has been defined to dynamically authenticate peers, negotiate security services, and generate shared keys. This protocol is called Internet Key Exchange (IKE).

An IPsec-based virtual private network (VPN) operates at the network layer. Based on the defined policy, it secures individual IP packets, so it is transparent to higher-layer applications.

There are two basic types of VPN, each with an associated set of business requirements:

• Site-to-Site VPN

Copyright © 2007, Nortel Networks
Nortel Secure Router 4134
Security — Configuration and Management
NN47263-600 01.02 Standard
10.0 3 August 2007