IPSec
IPSec is responsible for encrypting and decrypting the IP streams.
The IPSec Security Policy Database (SPD) table defines up to 20 IP peers to which
IPSec security is applied. IPSec can be applied to all packets destined for a specific IP
address, or only to packets for a specific IP address, port (source or destination) and protocol type.
Each outgoing packet is analyzed and compared to the SPD table. The packet's destination
IP address (and optionally, destination port, source port and protocol type) are compared to
each entry in the table. If a match is found, the gateway checks if an SA already exists for
this entry. If it doesn't, the IKE protocol is invoked (see IKE) and an IPSec SA is established.
The packet is encrypted and transmitted. If a match isn't found, the packet is transmitted
unencrypted.
An incoming packet whose parameters match one of the entries of the SPD table
but which is received unencrypted is dropped.
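The SPD decision logic described above, modelled as an added example (not code from the gateway or its vendor). The class and method names are hypothetical, and three points are assumptions the page does not state: the first matching entry wins, inbound packets are matched on their source address, and inbound packets that do not hit the drop rule are accepted.

```python
from dataclasses import dataclass
from typing import Optional

MAX_SPD_ENTRIES = 20  # the page states the SPD table defines up to 20 peers


@dataclass(frozen=True)
class SpdEntry:
    peer_ip: str
    src_port: Optional[int] = None   # None means "any" (optional selector)
    dst_port: Optional[int] = None
    protocol: Optional[str] = None

    def matches(self, peer_ip, src_port, dst_port, protocol):
        return (self.peer_ip == peer_ip
                and self.src_port in (None, src_port)
                and self.dst_port in (None, dst_port)
                and self.protocol in (None, protocol))


class Gateway:
    def __init__(self, spd):
        if len(spd) > MAX_SPD_ENTRIES:
            raise ValueError("SPD table is limited to 20 entries")
        self.spd = list(spd)
        self.sas = set()    # SPD entries that already have an IPSec SA
        self.ike_runs = 0   # counts how often IKE would be invoked

    def _lookup(self, peer_ip, src_port, dst_port, protocol):
        for entry in self.spd:  # assumption: first matching entry wins
            if entry.matches(peer_ip, src_port, dst_port, protocol):
                return entry
        return None

    def outbound(self, dst_ip, src_port, dst_port, protocol):
        entry = self._lookup(dst_ip, src_port, dst_port, protocol)
        if entry is None:
            return "sent-unencrypted"   # no SPD match: packet leaves in the clear
        if entry not in self.sas:
            self.ike_runs += 1          # stands in for the IKE negotiation
            self.sas.add(entry)
        return "sent-encrypted"

    def inbound(self, src_ip, src_port, dst_port, protocol, encrypted):
        entry = self._lookup(src_ip, src_port, dst_port, protocol)
        if entry is not None and not encrypted:
            return "dropped"            # matches the SPD but arrived in the clear
        return "accepted"               # assumption: not specified on the page
```

The model makes the fall-through visible: a packet to a configured peer that misses the entry's port or protocol selector is sent unencrypted, so selectors should be checked against all traffic that is expected to be protected.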
IPSec specifications:
Transport mode only.
Encapsulating Security Payload (ESP) only.
Support for Cipher Block Chaining (CBC).
Supported IPSec SA encryption algorithms – DES, 3DES and AES.
Hash types for IPSec SA are SHA1 and MD5.
Configuring the IPSec and IKE
To enable IPSec and IKE on the gateway, set the ini file parameter 'EnableIPSec' to 1.
IKE Configuration
The parameters described in Table 68 are used to configure the first phase (main mode) of
the IKE negotiation for a specific peer. A different set of parameters can be configured for
each of the 20 available peers.
V7122 Gateway User Guide