Users Guide
23 Internet Protocol Security (IPSec)
Internet protocol security (IPSec) is an end-to-end security scheme for securing IP communications by authenticating and
encrypting all packets in a session. Use IPSec between two hosts, between two gateways, or between a host and a gateway.
IPSec uses a series of protocol functions to achieve information security:
• Authentication Headers (AH) — Connectionless integrity and origin authentication for IP packets.
• Encapsulating Security Payloads (ESP) — Confidentiality, authentication, and data integrity for IP packets.
• Security Associations (SA) — The algorithms and parameters required by the AH and ESP protocols.
IPSec capability is available on control (protocol) and management traffic; end-node support is required.
IPSec supports two operational modes: Transport and Tunnel.
• Transport is the default mode for IPSec and encrypts only the payload of the packet. Routing information is unchanged.
• Tunnel mode is used to encrypt the entire packet, including the routing information in the IP header. Tunnel mode is typically used
in creating virtual private networks (VPNs).
Transport mode provides IP packet payload protection using ESP. You can use ESP alone or in combination with AH to provide
additional authentication. AH protects data from modification but does not provide confidentiality.
SA is the configuration information that specifies the type of security provided to the IPSec flow. The SA is a set of algorithms and
keys used to authenticate and encrypt the traffic flow. AH and ESP use the SA to provide traffic protection for the IPSec flow.
NOTE:
Due to performance limitations on the control processor, you cannot enable IPSec on all packets in a communication session.
crypto ipsec transform-set
Create a transform set: a named combination of the security protocols (AH, ESP) and the algorithms they use.
Syntax
crypto ipsec transform-set name {ah-authentication {md5|sha1|null} | esp-authentication {md5|sha1|null} | esp-encryption {3des|cbc|des|null}}
To delete a transform set, use the no crypto ipsec transform-set name {ah-authentication {md5|sha1|null} | esp-authentication {md5|sha1|null} | esp-encryption {3des|cbc|des|null}} command.
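The following is an added example, not part of the Users Guide or of the switch software: a small Python audit script that parses crypto ipsec transform-set lines according to the syntax above and reports, per transform set, where confidentiality or authentication is missing (no ESP encryption, or only null transforms, which follows from the AH and ESP descriptions earlier in this chapter) and where a deprecated algorithm is selected. The configuration text it reads is constructed for the example; the set names and the wording of the findings are the script's own.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Algorithm keywords exactly as the command syntax lists them.
AUTH_ALGS = {"md5", "sha1", "null"}
ENC_ALGS = {"3des", "cbc", "des", "null"}

# Reasons for flagging an algorithm choice. "null" is handled separately,
# because it removes a protection rather than weakening it.
WEAK = {
    "md5": "HMAC-MD5 is deprecated for new deployments",
    "des": "single DES has only a 56-bit key",
    "3des": "3DES uses a 64-bit block and is deprecated (prefer AES where the platform offers it)",
}


@dataclass
class TransformSet:
    name: str
    ah_auth: Optional[str] = None
    esp_auth: Optional[str] = None
    esp_enc: Optional[str] = None


def parse_transform_set(line: str) -> TransformSet:
    """Parse one `crypto ipsec transform-set` line into its keyword/algorithm pairs."""
    tokens = line.split()
    if tokens[:3] != ["crypto", "ipsec", "transform-set"] or len(tokens) < 4:
        raise ValueError(f"not a transform-set command: {line!r}")
    ts = TransformSet(name=tokens[3])
    pairs = tokens[4:]
    if len(pairs) % 2:
        raise ValueError(f"keyword without an algorithm in: {line!r}")
    for keyword, alg in zip(pairs[::2], pairs[1::2]):
        if keyword == "ah-authentication" and alg in AUTH_ALGS:
            ts.ah_auth = alg
        elif keyword == "esp-authentication" and alg in AUTH_ALGS:
            ts.esp_auth = alg
        elif keyword == "esp-encryption" and alg in ENC_ALGS:
            ts.esp_enc = alg
        else:
            raise ValueError(f"unknown keyword/algorithm pair {keyword} {alg} in: {line!r}")
    return ts


def audit(ts: TransformSet) -> List[str]:
    """Return human-readable findings for one transform set; empty means nothing to report."""
    findings = []
    # Confidentiality comes only from ESP encryption; AH never encrypts.
    if ts.esp_enc in (None, "null"):
        findings.append("no confidentiality: esp-encryption is absent or null (AH alone only authenticates)")
    # Integrity and origin authentication need a real algorithm in AH or ESP.
    if ts.ah_auth in (None, "null") and ts.esp_auth in (None, "null"):
        findings.append("no integrity or origin authentication: every authentication transform is absent or null")
    for label, alg in (("ah-authentication", ts.ah_auth),
                       ("esp-authentication", ts.esp_auth),
                       ("esp-encryption", ts.esp_enc)):
        if alg in WEAK:
            findings.append(f"{label} {alg}: {WEAK[alg]}")
    return findings


def audit_config(text: str) -> Dict[str, List[str]]:
    """Audit every transform-set line in a configuration excerpt, keyed by set name."""
    results = {}
    for line in text.splitlines():
        if line.strip().startswith("crypto ipsec transform-set"):
            ts = parse_transform_set(line.strip())
            results[ts.name] = audit(ts)
    return results


# Constructed sample configuration for the example (not taken from a real device).
SAMPLE_CONFIG = """\
crypto ipsec transform-set baseline esp-authentication sha1 esp-encryption 3des
crypto ipsec transform-set legacy ah-authentication md5 esp-encryption des
crypto ipsec transform-set auth-only ah-authentication sha1
crypto ipsec transform-set broken esp-authentication null esp-encryption null
"""

if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE_CONFIG).items():
        print(f"{name}: {'OK' if not findings else ''}")
        for finding in findings:
            print(f"  - {finding}")
```

Run against the sample, the script reports one finding for baseline (3DES), two for legacy (MD5 and DES), one for auth-only (no confidentiality, since AH only authenticates) and two for broken (neither confidentiality nor authentication). The same parser can be pointed at a saved running configuration to check every transform set before it is bound to traffic.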
Parameters
name Enter the name for the transform set.
ah-authentication Enter the keyword ah-authentication, then the transform type of operation
to apply to traffic. The transform type represents the encryption or authentication
applied to traffic.