Specifications

Catalyst 4224 Access Gateway Switch Software Configuration Guide
OL-2031-02
Chapter 11 Configuring Encryption Services
Configuring the Encryption Service Adapter
Step 3: Configure IPSec Network Security
The third step is to define how the T1 data will be handled. This requires that you
use IPSec (IP Security Protocol) security.
IPSec is a framework of open standards that provides data confidentiality, data
integrity, and data authentication between participating peers. IPSec provides
these security services at the IP layer. IPSec uses IKE to handle negotiation of
protocols and algorithms based on local policy, and to generate the encryption and
authentication keys to be used by IPSec. IPSec can be used to protect one or more
data flows between a pair of hosts, between a pair of security gateways, or
between a security gateway and a host.
To configure IPSec network security, follow this procedure:
Step 1
Task: Specify the lifetime of a security association.
As a general rule, the shorter the lifetime (up to a point), the more secure your IKE negotiations will be. However, with longer lifetimes, future IPSec security associations can be set up more quickly. The default lifetimes are 3600 seconds (one hour) and 4608000 kilobytes (10 megabytes per second for one hour).
Command: Gateway(config)# crypto ipsec security-association lifetime seconds seconds kilobytes kilobytes

Step 2
Task: Specify a transform set and enter transform-set configuration mode.
To define a transform set, specify one to three "transforms"; each transform represents an IPSec security protocol (ESP or AH) plus the algorithm you want to use. When the particular transform set is used during negotiations for IPSec security associations, the entire transform set (the combination of protocols, algorithms, and other settings) must match a transform set at the remote peer.
Command: Gateway(config)# crypto ipsec transform-set transform_set_name transform1 [transform2 [transform3]]

Step 3
Task: Return to global configuration mode.
Command: Gateway(cfg-crypto-trans)# exit
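The three steps above, carried through on both ends of the tunnel, as an added example that is not part of the guide. The gateway names (Gateway-A, Gateway-B), the transform-set name T1-SET, and the choice of esp-3des with esp-sha-hmac are assumptions made for illustration; in Cisco IOS the seconds and kilobytes lifetimes are entered as two separate commands, and the verification commands at the end are standard IOS show commands rather than part of the guide's procedure. The point the example makes is the matching rule from Step 2: the remote peer must carry an identical transform set, or IPSec security association negotiation fails.

```cisco
! Added example, not from the Catalyst 4224 guide. Names and algorithm
! choices are assumptions; esp-3des is shown because it was available on
! this platform, stronger ESP transforms should be preferred where supported.

! --- Gateway-A (local gateway) ---
! Step 1: explicit SA lifetimes (these are the documented defaults; a
! shorter value forces more frequent rekeying at the cost of setup time)
Gateway-A(config)# crypto ipsec security-association lifetime seconds 3600
Gateway-A(config)# crypto ipsec security-association lifetime kilobytes 4608000
! Step 2: one transform set = ESP encryption + ESP authentication
Gateway-A(config)# crypto ipsec transform-set T1-SET esp-3des esp-sha-hmac
Gateway-A(cfg-crypto-trans)# mode tunnel
! Step 3: back to global configuration mode
Gateway-A(cfg-crypto-trans)# exit

! --- Gateway-B (remote peer) ---
! The transform set must match Gateway-A's exactly: same protocols, same
! algorithms, same mode. A peer configured with, for example,
! "esp-des esp-md5-hmac" would never agree on an SA with Gateway-A.
Gateway-B(config)# crypto ipsec security-association lifetime seconds 3600
Gateway-B(config)# crypto ipsec security-association lifetime kilobytes 4608000
Gateway-B(config)# crypto ipsec transform-set T1-SET esp-3des esp-sha-hmac
Gateway-B(cfg-crypto-trans)# mode tunnel
Gateway-B(cfg-crypto-trans)# exit

! --- Checks on either gateway ---
! Confirm the configured lifetimes and the transform set before attaching
! it to a crypto map, so a mismatch is caught by inspection rather than by
! a failed negotiation.
Gateway-A# show crypto ipsec security-association lifetime
Gateway-A# show crypto ipsec transform-set
```

Compare the output of show crypto ipsec transform-set on both gateways line by line; any difference in protocol, algorithm, or mode means the sets will not match during negotiation, exactly as Step 2 warns.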