User guide

Appendix G - IPSEC
Introduction
This document contains information that Technical Support may need to help customers
with IPsec problems. It covers some basic aspects of tunneling, the kinds of tunnels
supported by the BLACK BOX ® Advanced Console Server IPsec implementation, how to
configure the BLACK BOX ® Advanced Console Server, and how to manage IPsec and the
IPsec connections.
Basic IPsec Knowledge
IPsec provides encryption and authentication services at the IP level of the network protocol
stack. Working at this level, IPsec can protect any traffic carried over IP, unlike other
encryption which generally protects only a particular higher-level protocol (PGP for mail, SSH for
login, SSL for Web work and so on).
IPsec can be used on any machine which does IP networking. Dedicated IPsec gateway
machines can be installed wherever required to protect traffic. IPsec can also run on routers,
on firewall machines, on various application servers, and on end-user desktop or laptop
machines.
IPsec is used mainly to construct a secure connection (tunnel) between two networks (ends)
over a not-necessarily-secure third network. In our case, IPsec will be used to connect the
BLACK BOX ® Advanced Console Server securely to a host or to a whole network,
configurations frequently called host-to-network and host-to-host tunnels. In practical
terms, this is the same thing as a VPN, but here one or both sides have a degenerate subnet
(only one machine).