Appendix - Security; Ipsec And Ike - Nortel Media Gateway 3200 User Manual

H.248 User's Manual
17

Appendix - Security

This appendix describes the MG 3200's implementation of security protocols.
The following list specifies the available security protocols and their purposes:
IPSec
IKE
The IPSec and IKE protocols are part of the IETF standards for security issues. IPSec and
IKE are used together on the media gateway to provide security for control and
management protocols. The IPSec protocol is responsible for securing the data streams.
The IKE protocol (Internet Key Exchange) is responsible for obtaining the IPSec encryption
keys and encryption profile (known as IPSec Security Association). IPSec is used by MG
3200 to assure confidentiality, authentication and integrity for the following media types:
•
Control traffic, such as H.248
•
Management traffic, such as SNMP and HTTP
Note:
Note:
Using IPSec reduces the channel capacity of the MG 3200.
SSL/TLS - Secures Web access (HTTPS) and Telnet access.
RADIUS - Is utilized by the Embedded Web Server and Telnet server for
authentication.
Media Security - Allows encryption of voice traffic on the IP network.
This section also contains network port usage information (useful for firewall
administrators) and recommended practices for keeping your network secure.
17.1

IPSec and IKE

IPSec 'FOOTNOTE-IPSec and IKE'
establishing a secured IP connection between two applications (also referred to as peers).
Providing security services at the IP layer, IPSec and IKE are transparent to IP
applications.
1
FOOTNOTE@IPSec and IKE - ALL NOT MP / M1KUsing IPSec reduces the channel capacity of the
MG 3200 by 24 channels.
Version SN09
Some Security features are optional and can be ordered or upgraded at a
future time.
The RTP and RTCP streams cannot be secured by IPSec.
Important
1
and IKE protocols are part of the IETF standards for
319
17. Appendix - Security
October 2006