Basic Ipsec Configurations - Brocade Communications Systems StoreFabric SN6500B Administrator's Manual
Brocade web tools administrator's guide v7.1.0 (53-1002756-01, march 2013)
Hide thumbs
Also See for StoreFabric SN6500B:
- User manual (1505 pages) ,
- Command reference manual (1168 pages) ,
- Reference (934 pages)
Table of Contents
Advertisement
Encapsulating Security Payload
ESP provides authentication, and also provides privacy by encrypting the IP datagram. The use of
an ESP header is similar to the use of the AH header. A hash algorithm is used to calculate an
authentication value, the authentication value is sent in an IP datagram, and the same hash
algorithm is used by the receiver to verify the authentication value. ESP can be used in either
transport mode or tunnel mode, as shown in
FIGURE 43
Basic IPsec configurations
There are three basic configurations for IPsec use:
•
•
•
Endpoint to Endpoint
In an endpoint to endpoint configuration, both endpoints implement IPsec. Transport mode is
commonly used in endpoint to endpoint configurations, and only a single pair of addresses is used.
Typically, this kind of configuration would be used for direct communication between hosts. There
are two drawbacks to consider:
•
•
Web Tools Administrator's Guide
53-1002756-01
ESP header in transport mode and tunnel mode
Endpoint to Endpoint
Gateway to Gateway
Endpoint to Gateway
If network address translation (NAT) is used on the connection, one or both endpoints may be
behind a NAT node. If that is the case, UDP must be used to encapsulate the tunneled packets.
Port numbers in the UDP headers can then be used to identify the endpoint behind the NAT
node.
Packets cannot be inspected or modified in transit. This means that QoS, traffic shaping, and
firewall applications cannot access the packets, and does not work.
Figure
43.
15
IPsec concepts
191
- Quick Links:
- Web Tools, the Egm License, and...
Hide quick links:
Advertisement
Table of Contents
