Configuring Ipsec; Configuring Ipsec In Windows 2000 And Windows Xp; Example: Creating A Security Policy - 3Com 3CRFW102 User Manual

B

Configuring IPSec in Windows 2000 and Windows XP

Example: Creating a Security Policy

Configuring IPSec

IPSec primarily consists of two parts:
encryption/decryption
authentication
To send or receive encrypted data in a PC running Windows 2000 or Windows XP with a
3Com Firewall PC Card with 10/100 LAN installed, you must first create a security policy,
and then enable encryption on the network card.
The security policy establishes and defines how encrypted network traffic between your
PC and a specified server occurs.
Authentication enables the receiver to verify the sender of a packet by adding key fields to
a packet without altering the packet data content.
The following table shows the available levels of encryption:
Encryption Type Encryption Level
AH Medium
ESP High
Custom Varies
The process you use to create and enable a security policy depends on your network
environment requirements. The following is an example of one approach to creating a
security policy.
NOTE: You must complete all of the sequences in this example to establish and
enable a security policy for transmitting and receiving encrypted data over the
network.
Description
Authentication only
Authentication and encryption
Provides encryption and an extra authentication that
includes the IPheader.
Custom allows you to select options for both AH and
ESP, such as MD/SHA-1 and DES/3DES, and you can
select the rate at which new keys are negotiated.
Microsoft uses IKE key exchange to renew keys every
x seconds or y bytes. You may want to set these values
low and have frequent key updates, or higher for
better performance.
For more information, see the Microsoft
documentation about creating IPSec flows.
29