Ericsson HL950 Administrator's Manual page 79

Multi service edge device

Multi Service Edge Device HL950
Administrator's Guide
Figure 37 Secure Private Network Access
The HL950 supports the ESP and AH IPSec protocols. Depending on the sensitivity of the information,
the AES, DES or 3DES (TripleDES) algorithm can be used for data encryption, and MD5 or SHA1 for
data authentication. These data encryption and authentication algorithms require a "Key" for their
operation. A key is a secret byte string of a specific length. The HL950 uses well-defined Manual Key
Management to obtain the required keying material, and also supports automatic key exchange using
the ISAKMP and IKE protocols.
The HL950 provides a comprehensive way to manage a Security Policy Database (SPD). While
configuring security policies, administrators can classify the network traffic and define security
attributes for that traffic class. When traffic matches an SPD entry, an SA (Security
Association) is created using IKE if automatic key exchange is configured. In the case of
Manual Key Management, the administrator has to configure the SA manually. An SA contains the
authentication algorithms, the encryption blueprints, the authentication and encryption keys, and the
expirations.
Use the IPSEC element to add VPN policies, the IKE element to add IKE policies and the
CERTIFICATE element to add certificates as described in the following subsections.
4.6.3.1 IPSEC
The SECURITY IPSEC command is used to control the IPSec service and to add VPN policies.
VPN policies define the attributes of the secure tunnels built with the HL950 through the Internet. You can have a
maximum of 25 secure tunnels active at a time with different sites.
Similar to Access policies (created with the Firewall command), VPN policies are made up of two
components: a policy selector and a policy controller. The VPN policy selector defines the
type of network traffic that is afforded the security described in the VPN policy controller. In
other words, the VPN policy selector defines which network traffic will pass through the secure
tunnel built by that VPN policy, and the VPN policy controller defines the attributes of that
secured tunnel.
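The SPD lookup and the selector/controller split described above can be modelled as follows. This is an added example, not code or CLI syntax from the HL950 manual. The class names, first-match ordering, address-only selectors and key lengths (the standard IPsec sizes for each algorithm) are assumptions, and the addresses are constructed documentation ranges.

```python
import ipaddress
import secrets
from dataclasses import dataclass

# Standard IPsec key sizes in bytes (assumed; the manual only says "specific length").
KEY_BYTES = {"DES": {8}, "3DES": {24}, "AES": {16, 24, 32}, "MD5": {16}, "SHA1": {20}}

@dataclass
class Selector:            # which traffic the policy covers (addresses only, simplified)
    src: str
    dst: str
    def matches(self, src_ip, dst_ip):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst))

@dataclass
class Controller:          # how the tunnel protects that traffic
    encryption: str        # AES, DES or 3DES
    authentication: str    # MD5 or SHA1
    keying: str            # "ike" (automatic) or "manual"
    enc_key: bytes = b""
    auth_key: bytes = b""

def validate(ctrl):
    """Return a list of problems with a controller's keying material."""
    problems = []
    pairs = ((ctrl.encryption, ctrl.enc_key), (ctrl.authentication, ctrl.auth_key))
    if ctrl.keying == "manual":
        for alg, key in pairs:
            if len(key) not in KEY_BYTES.get(alg, ()):
                problems.append(f"{alg} key length {len(key)} invalid")
    elif ctrl.enc_key or ctrl.auth_key:
        problems.append("static keys set on an IKE policy")
    return problems

class SPD:
    def __init__(self):
        self.policies = []
    def add(self, selector, controller):
        problems = validate(controller)
        if problems:       # refuse a manual SA whose keys cannot work
            raise ValueError("; ".join(problems))
        self.policies.append((selector, controller))
    def lookup(self, src_ip, dst_ip):
        """Controller of the first matching policy, or None (traffic is not tunnelled)."""
        return next((c for s, c in self.policies if s.matches(src_ip, dst_ip)), None)

if __name__ == "__main__":  # constructed sample policy and packets
    spd = SPD()
    spd.add(Selector("192.0.2.0/24", "198.51.100.0/24"), Controller(
        "AES", "SHA1", "manual", secrets.token_bytes(16), secrets.token_bytes(20)))
    print(spd.lookup("192.0.2.10", "198.51.100.5"), spd.lookup("192.0.2.10", "203.0.113.9"))
```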
Page 79 (159)
EN/LZT 108 5995 R3
June 2003
