Alcatel-Lucent Security Management Server (SMS) Release 9.4 Technical Overview page 65
Hide thumbs
Also See for Security Management Server (SMS) Release 9.4:
- Installation manual (138 pages)
Table of Contents
Advertisement
Alcatel-Lucent IPSec Client
UDP encapsulation
The IPSec Client has the ability to tunnel IPSec inside of UDP packets, for the explicit
purpose of using in a many-to-one NAT/PAT environment. The method of
UDP-encapsulation is Alcatel-Lucent proprietary and not designed to interwork with
other non Alcatel-Lucent products.
Local presence
The local presence feature allows the client's PC to be assigned an address local to the
network to which they are connecting. This allows complex connections, such as
X-Windows, to be directed back from other hosts to the client host, properly using
established network routing paths. The local addresses are assigned using a local pool
managed by the SMS, or one-at-a-time using the RADIUS parameter download feature.
Split tunnels
The IPSec Client has the ability to permit simultaneous traffic in clear-text as well as
through the tunnel. The endpoint IP networks behind the tunnel are configured by the
system administrator on the SMS, and can be configured to disallow clear-text traffic
entirely if so desired.
Strong authentication
In addition to basic IKE authentication, the IPSec Client supports the use of Strong
Authentication mechanisms. The client can provide both XAuth or proprietary strong
authentication protocols, depending on the endpoint to which it is terminating. The
client will support RADIUS, SecurID, and local passwords, including SecurID time
sync mode.
Multiple tunnel configurations with redundancy
The IPSec Client can be configured and saved with a number of tunnels, each with a
different endpoint and other configurations. Additionally, each tunnel can have its own
backup tunnel endpoint, in case the primary tunnel endpoint is not reachable at tunnel
establishment time.
DNS/WINS
Upon tunnel establishment, the IPSec Client will automatically configure local primary
and secondary DNS (Domain Name Server) and WINS (Windows Information Name
Server) addresses. This information is configured by the Administrator for each tunnel.
...................................................................................................................................................................................................................................
260-100-022R9.4
Issue 1, June 2009
Platforms and Compatibility
3-3
Advertisement
Table of Contents
Need help?
Do you have a question about the Security Management Server (SMS) Release 9.4 and is the answer not in the manual?
Questions and answers