Chapter 12: Security; Ipsec And Ike - 3Com VCX v7111 User Manual

C 12: S
HAPTER
This section describes the security mechanisms and protocols implemented on the V7111
gateway. The following list specifies the available security protocols and their objectives:
IPSec and IKE protocols are part of the IETF standards for establishing a secured IP
connection between two applications. IPSec and IKE are used in conjunction to provide
security for control and management protocols but not for media (see
Secure Socket Layer
SSL (
are used to provide privacy and data integrity between two communicating applications
over TCP/IP. They are used to secure the following applications: SIP Signaling (SIPS),
Web access (HTTPS) and Telnet access (see SSL/TLS).
Secured RTP (SRTP) according to RFC 3711, used to encrypt RTP and RTCP transport
(see SRTP).
(Remote Authentication Dial-In User Service) - RADIUS server is used to enable
RADIUS
multiple-user management on a centralized platform (see
Internal Firewall allows filtering unwanted inbound traffic (see

IPSec and IKE

IPSecurity (IPSec) and Internet Key Exchange (IKE) protocols are part of the IETF standards
for establishing a secured IP connection between two applications (also referred to as
peers). Providing security services at the IP layer, IPSec and IKE are transparent to IP
applications.
IPSec and IKE are used in conjunction to provide security for control and management (for
example, SNMP and Web) protocols but not for media (that is, RTP, RTCP and T.38).
IPSec is responsible for securing the IP traffic. This is accomplished by using the
Encapsulation Security Payload (ESP) protocol to encrypt the IP payload (see
The IKE protocol is responsible for obtaining the IPSec encryption keys and encryption
profile, known as IPSec Security Association (SA).
Figure 120 IPSec Encryption
®
3Com VCX V7111 VoIP Gateway User Guide
ECURITY
(Transport Layer Security) – The SSL / TLS protocols
) / TLS
IPSec and
RADIUS Login Authentication).
Internal Firewall).
Figure
IKE).
120).
321