Media Gateway 3500 Security Technology; Introduction to IPSec and IKE; IKE; IPSec - Nortel Media Gateway 3500 Installation, Operation and Maintenance Manual

Installation, Operation, Maintenance Manual
Version 3.0

12.9 Media Gateway 3500 Security Technology

12.9.1 Introduction to IPSec and IKE

The IPSec (IP Security) and IKE (Internet Key Exchange) protocols are part of the IETF as
well as the PacketCable security standards. The media gateway uses IPSec and IKE together
to secure control and management protocols. IPSec is responsible for securing the data
streams. IKE is responsible for obtaining the IPSec encryption keys and encryption profile
(known as the IPSec Security Association). The Media Gateway 3500 uses IPSec to assure
confidentiality, authentication and integrity for the following traffic types:

- Control traffic, such as H.248, MGCP and TGCP.
- Sigtran over SCTP traffic, such as IUA.
- Management traffic to EMS/NMS/OSS, such as SNMP, FTP and Telnet.

12.9.1.1 IKE

The Internet Key Exchange protocol is used to obtain the IPSec Security Associations
(SAs). The SA contains the encryption keys and profile used by IPSec to encrypt an IP
stream.

IKE specifications:

- Authentication mode: pre-shared key only.
- Both Main and Aggressive modes are supported for IKE Phase 1.
- The encryption algorithms that are supported for IKE SA are DES and 3DES.
- Hash types for IKE SA are SHA1 and MD5.

12.9.1.2 IPSec

The IPSec protocol is responsible for encrypting and decrypting the IP streams.

IPSec specifications:

- Transport mode only.
- Encapsulating Security Payload (ESP) only.
- Support for Initialization Vector (IV) and Cipher Block Chaining (CBC).
- The encryption algorithms that are supported for IPSec SA are currently DES and 3DES.
- Hash types for IPSec SA are SHA1 and MD5.

12.9.1.3 Media (RTP/RTCP) Security

The Media Gateway 3500 supports media encryption via TGCP (the PacketCable extensions
to the MGCP protocol). With media security, IP voice traffic for some or all channels is
encrypted using predefined session keys. No key negotiation is performed for media
security. Instead, the Media Gateway 3500 assumes that higher-level protocols handle key
management (TGCP in this case).
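
As an added example (not part of the Nortel manual or the gateway software), the Python code below decodes the attributes of one IKE Phase 1 transform offered by a peer and checks them against the IKE specifications in section 12.9.1.1, noting when the weaker of the listed options is chosen. Main and Aggressive modes are IKEv1 (RFC 2409) exchanges, so the attribute codes are taken from RFC 2409 Appendix A; the function names and the sample byte strings are constructed for illustration.

```python
import struct

# Capability lists taken from the IKE specifications in section 12.9.1.1.
# Numeric codes are the IKEv1 attribute values from RFC 2409, Appendix A.
ENCR = {1: "DES", 5: "3DES"}          # ciphers the gateway supports for the IKE SA
HASH = {1: "MD5", 2: "SHA1"}          # hashes the gateway supports for the IKE SA
AUTH = {1: "pre-shared key"}          # the only authentication method supported
ATTR = {1: ("encryption", ENCR), 2: ("hash", HASH), 3: ("authentication", AUTH)}
WEAK = {"DES", "MD5"}                 # supported, but the weaker of each listed pair


def parse_attributes(data: bytes) -> dict:
    """Decode ISAKMP data attributes (TV and TLV forms) into {type: value}."""
    attrs, pos = {}, 0
    while pos < len(data):
        if len(data) - pos < 4:
            raise ValueError("truncated attribute header")
        atype, field = struct.unpack_from("!HH", data, pos)
        pos += 4
        if atype & 0x8000:                       # AF=1: the value sits in the header
            attrs[atype & 0x7FFF] = field
        else:                                    # AF=0: 'field' is the value length
            if pos + field > len(data):
                raise ValueError("attribute length exceeds payload")
            attrs[atype] = int.from_bytes(data[pos:pos + field], "big")
            pos += field
    return attrs


def check_proposal(data: bytes) -> tuple:
    """Return (acceptable, notes) for the attributes of one Phase 1 transform."""
    attrs, notes, ok = parse_attributes(data), [], True
    for atype, (name, supported) in ATTR.items():
        value = attrs.get(atype)
        if value not in supported:
            ok = False
            notes.append(f"{name} value {value} is not supported by the gateway")
        elif supported[value] in WEAK:
            notes.append(f"{name} {supported[value]} is supported but weak")
    return ok, notes


# Constructed sample proposals (attribute bytes only, not captured traffic).
STRONGEST = bytes.fromhex("80010005" "80020002" "80030001")   # 3DES, SHA1, PSK
LEGACY = bytes.fromhex("80010001" "80020001" "80030001")      # DES, MD5, PSK
AES_RSA = bytes.fromhex("80010007" "80020002" "80030003")     # AES-CBC, SHA1, RSA sig
```

A peer that offers only `AES_RSA`-style transforms will never complete Phase 1 with the gateway, so the peer's proposal list needs a 3DES/SHA1/pre-shared-key entry.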
12. Operating the Media Gateway Using the EMS
133
October 2005
