Virtual Private Networking (Vpn) - Alcatel-Lucent Security Management Server (SMS) Release 9.4 Technical Overview

Alcatel-Lucent VPN Firewall Brick

Virtual Private Networking (VPN)

...................................................................................................................................................................................................................................
Overview
VPN is a core security component offered by the Brick device . While firewall rules
can prevent obviously invalid or malicious traffic from entering a protected perimeter,
a VPN can prevent all unauthenticated traffic from entering it. This feature can provide
state-of-the-art cryptographic protection against attacks by requiring strong end user
authentication in conjunction with confidentiality and integrity verification of messages.
The Brick device offers both LAN-LAN VPN as well as Client-to-LAN VPN, using
the IPSec protocol. Cryptographic parameters supported are as follows:
For Session Establishment
The following encryption methods are available:
• Diffie-Hellman Group 1
• Diffie-Hellman Group 2
• Diffie-Hellman Group 14
• Diffie-Hellman Group 15
• Diffie-Hellman Group 16
• Diffie-Hellman Group 5
For Key Negotiation
The following key negotiation methods are supported:
• Internet Key Exchange Version 1 (IKEv1)
• Internet Key Exchange Version 2 (IKEv2)
For Confidentiality
The following encryption methods are available:
• DES
• 3DES
• AES (CBC-128, CBC-192, CBC-256)
For Integrity
The following encryption methods are available:
• SHA-1
• MD5
• AES-XCBC-MAC (for client tunnel endpoints only)
...................................................................................................................................................................................................................................
260-100-022R9.4
Issue 1, June 2009
™
Security Appliance
1-13