Concept Guide
Internet Protocol Security (IPSec)
IPSec is an end-to-end security scheme for protecting IP communications by authenticating and encrypting all packets in a communication session.
Use IPSec between hosts, between gateways, or between hosts and gateways.
IPSec is compatible with Telnet and file transfer protocols (FTPs) and can operate in Transport mode. In Transport mode, IPSec encrypts only the packet payload; the IP header is unchanged. This is the default mode.
NOTE: The Dell EMC Networking OS supports IPSec only for FTP and telnet protocols (ports 20, 21, and 23). The system rejects the configuration if you configure IPSec for other protocols.
IPSec uses the following protocols:
• Authentication Headers (AH) — Connectionless (per-packet) integrity and origin authentication for IP packets
• Encapsulating Security Payload (ESP) — Confidentiality, authentication, and data integrity for IP packets
• Security Associations (SA) — Necessary algorithmic parameters for AH and ESP functionality
IPSec supports the following authentication and encryption algorithms:
• Authentication only:
– MD5
– SHA1
• Encryption only:
– 3DES
– CBC
– DES
• ESP Authentication and Encryption:
– MD5 and 3DES
– MD5 and CBC
– MD5 and DES
– SHA1 and 3DES
– SHA1 and CBC
– SHA1 and DES
Configuring IPSec
The following sample configuration shows how to configure FTP and telnet for IPSec.
1 Define the transform set.
CONFIGURATION mode
crypto ipsec transform-set myXform-seta esp-authentication md5 esp-encryption des
2 Define the crypto policy.
CONFIGURATION mode
crypto ipsec policy myCryptoPolicy 10 ipsec-manual
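As an added example (not Dell's code and not part of the Networking OS), the following Python checks transform-set and policy lines of the shape shown in steps 1 and 2 against the algorithm list and the FTP/telnet port restriction stated above. The command grammar it assumes (transform-set name, optional esp-authentication, optional esp-encryption; policy name, sequence number, ipsec-manual) is inferred from the two sample lines only; any other form is treated as a parse error rather than guessed at.

```python
import re

# Supported algorithm matrix, transcribed from the list on this page (constructed lookup tables).
AUTH_ALGS = {"md5", "sha1"}
ENC_ALGS = {"3des", "cbc", "des"}
# Per the page's note, the OS applies IPSec only to FTP and telnet (ports 20, 21, 23).
IPSEC_PORTS = {20, 21, 23}

# Shape of the "crypto ipsec transform-set" line in step 1 (assumed from the page's example).
TRANSFORM_RE = re.compile(
    r"^crypto ipsec transform-set (?P<name>\S+)"
    r"(?: esp-authentication (?P<auth>\S+))?"
    r"(?: esp-encryption (?P<enc>\S+))?$"
)
# Shape of the "crypto ipsec policy" line in step 2 (assumed from the page's example).
POLICY_RE = re.compile(
    r"^crypto ipsec policy (?P<name>\S+) (?P<seq>\d+) (?P<mode>ipsec-manual)$"
)


def parse_transform_set(line):
    """Split a transform-set line into name / auth / enc; None where a part is absent."""
    m = TRANSFORM_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a transform-set line: {line!r}")
    auth = m["auth"].lower() if m["auth"] else None
    enc = m["enc"].lower() if m["enc"] else None
    return {"name": m["name"], "auth": auth, "enc": enc}


def classify_transform_set(ts):
    """Map a parsed transform set onto the page's three categories."""
    if ts["auth"] and ts["enc"]:
        return "esp-auth-and-enc"
    if ts["auth"]:
        return "auth-only"
    if ts["enc"]:
        return "enc-only"
    return "empty"


def check_transform_set(ts):
    """Return problems that make the transform set unsupported; [] means it matches the table."""
    problems = []
    if classify_transform_set(ts) == "empty":
        problems.append("no esp-authentication or esp-encryption algorithm given")
    if ts["auth"] and ts["auth"] not in AUTH_ALGS:
        problems.append(f"unsupported authentication algorithm '{ts['auth']}'")
    if ts["enc"] and ts["enc"] not in ENC_ALGS:
        problems.append(f"unsupported encryption algorithm '{ts['enc']}'")
    return problems


def parse_policy(line):
    """Parse the manual-keyed policy line into name, sequence number and keying mode."""
    m = POLICY_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a crypto ipsec policy line: {line!r}")
    return {"name": m["name"], "seq": int(m["seq"]), "mode": m["mode"]}


def port_allowed(port):
    """True only for the ports the page says the OS accepts IPSec for."""
    return port in IPSEC_PORTS


if __name__ == "__main__":
    # Constructed sample: the page's step-1 line plus one variant with an algorithm not in the table.
    for line in [
        "crypto ipsec transform-set myXform-seta esp-authentication md5 esp-encryption des",
        "crypto ipsec transform-set weak-set esp-encryption rc4",
    ]:
        ts = parse_transform_set(line)
        print(ts["name"], classify_transform_set(ts), check_transform_set(ts) or "ok")
    print(parse_policy("crypto ipsec policy myCryptoPolicy 10 ipsec-manual"))
    for p in (21, 22, 23):
        print(p, "allowed" if port_allowed(p) else "rejected")
```

Running it reports the page's own transform set as `esp-auth-and-enc` with no problems, flags the constructed `rc4` line as unsupported, and shows that port 22 falls outside the FTP/telnet set the note restricts IPSec to.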