Product specifications

Chapter 5: System Security
Efficient Networks® Router family Technical Reference Guide
Page 5-46
Encryption
Encryption is a key-enabled feature. The following section applies only to routers with
the encryption option enabled. For more information, see Key Enabled Features on
page 4-29. To read about IPSec encryption, see IPSec (Internet Protocol Security).
Two variants of encrypted data links over PPP have been implemented:
* PPP DES (Data Encryption Standard) (RFC 1969)
* Diffie-Hellman
CAUTION: PPP DES and Diffie-Hellman encryption options may not be exported outside the United States or Canada.
PPP DES (RFC 1969) Encryption
The PPP DES (Data Encryption Standard) implementation uses a 56-bit key, with fixed
transmit and receive keys that are specified in each router. RFC 1969 requires that
users manage the keys. This implementation has been tested for interoperability
with other PPP DES vendors such as IBM and Network Express.
Configuration Commands
To configure PPP DES encryption, add these commands to your standard
configuration:
-> remote setencryption dese rx <key> <remotename>
-> remote setencryption dese tx <key> <remotename>
Observe the following guidelines:
* PPP DES can only be configured using the Command Line Interface (CLI).
* The choice of keys should be carefully considered. Each key must have eight
  hexadecimal digits. Values that are considered cryptographically weak
  should be avoided. Consult a security expert for advice.
* Different keys may be used for different remote destinations.
* Use the console port to view error messages and progress. If you see
  "Unknown protocol" errors, the router's receive (rx) key and the sender's
  transmit (tx) key don't match.
* For maximum security, Telnet and SNMP access should be disabled, and
  PPP CHAP authentication should be used by both ends.
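
A pre-deployment check for the rx/tx pairing rule in the guidelines above, given as an added example that is not part of the original guide or the router software: it reads the two "remote setencryption dese" commands from each end's configuration script and reports malformed, missing or mismatched keys. The router names, script contents and key values are constructed, and treating hexadecimal keys as case-insensitive is an assumption.

```python
import re

# Matches the two commands shown on this page; the "-> " prompt is optional.
CMD = re.compile(r"^(?:->\s*)?remote\s+setencryption\s+dese\s+(rx|tx)\s+(\S+)\s+(\S+)$", re.I)
KEY = re.compile(r"^[0-9a-fA-F]{8}$")  # the page's rule: eight hexadecimal digits

def parse(script):
    """Return ({remote: {"rx": key, "tx": key}}, [format problems])."""
    keys, problems = {}, []
    for line in script.splitlines():
        m = CMD.match(line.strip())
        if not m:
            continue  # not a PPP DES command
        direction, key, remote = m.group(1).lower(), m.group(2), m.group(3)
        if not KEY.match(key):
            # Report the location only; never echo key material into a report.
            problems.append(f"remote {remote} {direction}: key is not eight hex digits")
        keys.setdefault(remote, {})[direction] = key.lower()  # assumed case-insensitive
    return keys, problems

def check_link(script_a, name_a, script_b, name_b):
    """Lint both ends of one link; name_a is the remote name B uses for A, and vice versa."""
    keys_a, problems = parse(script_a)
    keys_b, more = parse(script_b)
    problems += more
    a, b = keys_a.get(name_b, {}), keys_b.get(name_a, {})
    for side, entry in ((name_a, a), (name_b, b)):
        for direction in ("rx", "tx"):
            if direction not in entry:
                problems.append(f"{side}: no {direction} key for its peer")
    # A mismatch here is what the console reports as "Unknown protocol" errors.
    if "tx" in a and "rx" in b and a["tx"] != b["rx"]:
        problems.append(f"{name_a} tx key differs from {name_b} rx key")
    if "tx" in b and "rx" in a and b["tx"] != a["rx"]:
        problems.append(f"{name_b} tx key differs from {name_a} rx key")
    return problems

# Constructed sample scripts and keys (not real values).
HQ = """-> remote setencryption dese rx 3a91c07e branch
-> remote setencryption dese tx b54d26f8 branch"""
BRANCH_OK = """-> remote setencryption dese rx B54D26F8 hq
-> remote setencryption dese tx 3a91c07e hq"""
BRANCH_BAD = """-> remote setencryption dese rx b54d26f9 hq
-> remote setencryption dese tx 3a91c0 hq"""

if __name__ == "__main__":
    print(check_link(HQ, "hq", BRANCH_OK, "branch"))
    print(check_link(HQ, "hq", BRANCH_BAD, "branch"))
```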