Table of Contents
Advertisement
S9700 Core Routing Switch
Configuration Guide - SPU
About This Chapter
IP Security (IPSec) uses data encryption and data source authentication at the IP layer to ensure
data confidentiality and integrity and prevent replay of data packets. Internet Key Exchange
(IKE) enables key negotiation and security associations (SAs) establishment to simplify use and
management of IPSec. This chapter describes how to configure IPSec and IKE.
4.1 IPSec Overview
The IP Security (IPSec) protocol family is a series of protocols defined by the Internet
Engineering Task Force (IETF). This protocol family provides high quality, interoperable, and
cryptology-based security for IP packets. Communicating parties encrypt data and authenticate
the data source at the IP layer to ensure data confidentiality and integrity and prevent replay of
data packets.
4.2 IPSec Features Supported by the SPU
The SPU supports IPSec tunnel established in manual mode or IKE negotiation mode.
4.3 Establishing an IPSec Tunnel Manually
You can establish IPSec tunnels manually when the network topology is simple.
4.4 Establishing an IPSec Tunnel Through IKE Negotiation
IKE provides an automatic protection mechanism to distribute keys, authenticate the identity,
and set up SAs on an insecure network.
4.5 Maintaining IPSec
This section describes how to display the IPSec configuration and clear the IPSec statistics.
4.6 Configuration Examples
This section provides several configuration examples of IPSec.
Issue 01 (2012-03-15)
4
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
IPSec Configuration
4 IPSec Configuration
112
Advertisement
Table of Contents
