Configuring Ipsec; Overview; Security Protocols And Encapsulation Modes - HP MSR Series Configuration Manual

Hpe flexnetwork msr router series
Configuring IPsec

Overview

IP Security (IPsec) is defined by the IETF to provide interoperable, high-quality, cryptography-based
security for IP communications. It is a Layer 3 VPN technology that transmits data in a secure
channel established between two endpoints (such as two security gateways). Such a secure channel
is usually called an IPsec tunnel.
IPsec is a security framework that has the following protocols and algorithms:
Authentication Header (AH).
Encapsulating Security Payload (ESP).
Internet Key Exchange (IKE).
Algorithms for authentication and encryption.
AH and ESP are security protocols that provide security services. IKE performs automatic key
exchange. For more information about IKE, see "Configuring IKE."
IPsec provides the following security services for data packets in the IP layer:
Confidentiality—The sender encrypts packets before transmitting them over the Internet,
protecting the packets from being eavesdropped en route.
Data integrity—The receiver verifies the packets received from the sender to make sure they
are not tampered with during transmission.
Data origin authentication—The receiver verifies the authenticity of the sender.
Anti-replay—The receiver examines packets and drops outdated and duplicate packets.
IPsec delivers the following benefits:
Reduced key negotiation overhead and simplified maintenance by supporting the IKE protocol.
IKE provides automatic key negotiation and automatic IPsec security association (SA) setup
and maintenance.
Good compatibility. You can apply IPsec to all IP-based application systems and services
without modifying them.
Encryption on a per-packet rather than per-flow basis. Per-packet encryption allows for
flexibility and greatly enhances IP security.

Security protocols and encapsulation modes

Security protocols
IPsec comes with two security protocols, AH and ESP. They define how to encapsulate IP packets
and the security services that they can provide.
AH (protocol 51) defines the encapsulation of the AH header in an IP packet, as shown in
Figure 98. AH can provide data origin authentication, data integrity, and anti-replay services
to prevent data tampering, but it cannot prevent eavesdropping. Therefore, it is suitable for
transmitting non-confidential data. AH supports authentication algorithms HMAC-MD5 and
HMAC-SHA1.
ESP (protocol 50) defines the encapsulation of the ESP header and trailer in an IP packet, as
shown in Figure 98. ESP can provide data encryption, data origin authentication, data integrity,
and anti-replay services. Unlike AH, ESP can guarantee data confidentiality because it can
encrypt the data before encapsulating the data to IP packets. ESP supports encryption
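As an added illustration (not code from the HPE manual), the parser below pulls the AH and ESP header fields described above out of an IP payload, keyed on the protocol numbers 51 and 50, and implements the sliding-window check behind the anti-replay service. The packet bytes are constructed samples and the 64-packet window size is an assumption.

```python
import struct

IPPROTO_ESP, IPPROTO_AH = 50, 51  # protocol numbers named on the page


def parse_ipsec_header(proto: int, payload: bytes) -> dict:
    """Parse the cleartext fields of an AH (RFC 4302) or ESP (RFC 4303) header."""
    if proto == IPPROTO_AH:
        # Next Header | Payload Len | Reserved | SPI | Sequence Number | ICV
        next_hdr, plen, _res, spi, seq = struct.unpack("!BBHII", payload[:12])
        hdr_len = (plen + 2) * 4  # Payload Len is in 32-bit words, minus 2
        return {"proto": "AH", "next_header": next_hdr, "spi": spi, "seq": seq,
                "icv": payload[12:hdr_len], "data": payload[hdr_len:]}
    if proto == IPPROTO_ESP:
        # SPI | Sequence Number | encrypted payload and trailer (pad, pad len, next hdr) | ICV
        spi, seq = struct.unpack("!II", payload[:8])
        return {"proto": "ESP", "spi": spi, "seq": seq, "data": payload[8:]}
    raise ValueError(f"not an IPsec protocol: {proto}")


class ReplayWindow:
    """Sliding anti-replay window in the style of RFC 4303 Appendix A (size assumed)."""

    def __init__(self, size: int = 64):
        self.size, self.last, self.bitmap = size, 0, 0

    def accept(self, seq: int) -> bool:
        """Return True if the sequence number is new and inside the window."""
        if seq == 0:
            return False  # sequence number 0 is never valid on an SA
        if seq > self.last:  # newest packet so far: slide the window forward
            shift = seq - self.last
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.last = seq
            return True
        if self.last - seq >= self.size:  # older than the window: drop as outdated
            return False
        bit = 1 << (self.last - seq)
        if self.bitmap & bit:  # already seen: drop as a duplicate
            return False
        self.bitmap |= bit
        return True


# Constructed sample headers (not captured traffic): AH with a 12-byte HMAC-SHA1-96 ICV
# carrying a TCP segment, and ESP with 16 bytes standing in for ciphertext.
AH_SAMPLE = struct.pack("!BBHII", 6, 4, 0, 0x1000, 1) + b"\xaa" * 12 + b"tcp-segment"
ESP_SAMPLE = struct.pack("!II", 0x2000, 5) + b"\x00" * 16
```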
