Chapter 5: System Security
Efficient Networks® Router family Technical Reference Guide
Observe the following guidelines:
- Specify DESE_1_KEY if the same key is to be used in both directions. Specify DESE_2_KEY if the keys are to be different. Using the same keys in both directions can significantly reduce the time needed to compute the DES keys from the Diffie-Hellman exchange.
- The optional file name on the command is the name of the file containing the Diffie-Hellman values. If a file is not specified, default values built into the router's kernel are automatically selected. The file format is described later.
- The router's receive key and sender Tx key must not match.
- Different keys and key files may be used for different remote destinations.
- For maximum security, Telnet and SNMP access should be disabled, and PPP CHAP should be used. Use the console port to view error messages and progress.
Sample Configuration
Suppose that the routers SOHO (the local router) and HQ (the remote router) described in Chapter 3, Installation and Setup, are to be configured to use Diffie-Hellman encryption. Also, assume that the same key is to be used in both directions and that the values to be used to generate keys are in the file dh96.num. To add encryption to their configurations, you would enter the following commands:
For router HQ:
-> remote setencryption DESE_1_KEY dh96.num SOHO
-> save
-> reboot
For router SOHO:
-> remote setencryption DESE_1_KEY dh96.num HQ
-> save
-> reboot
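
The following check is an added example, not part of the guide or the router's own tooling. It parses the `remote setencryption` commands from two routers' console transcripts and reports disagreements between the two ends of a link. The function names and transcripts are constructed for illustration, and the rule that both ends must use the same key mode and Diffie-Hellman values file is an assumption drawn from the sample above.

```python
import re

MODES = ("DESE_1_KEY", "DESE_2_KEY")
PROMPT = re.compile(r"^\s*->\s*")  # console prompt as shown in the sample

def parse_session(text):
    """Return ({remote: (mode, dh_file)}, saved) for one router's transcript."""
    peers, saved = {}, True
    for raw in text.splitlines():
        words = PROMPT.sub("", raw).split()
        if words[:2] == ["remote", "setencryption"]:
            args = words[2:]
            if len(args) not in (2, 3) or args[0] not in MODES:
                raise ValueError("bad setencryption command: " + raw.strip())
            # The file name is optional; None means the built-in defaults.
            dh_file = args[1] if len(args) == 3 else None
            peers[args[-1]] = (args[0], dh_file)
            saved = False
        elif words[:1] == ["save"]:
            saved = True
    return peers, saved

def check_link(name_a, text_a, name_b, text_b):
    """List problems with the encryption settings between two routers."""
    findings = []
    sessions = {name_a: parse_session(text_a), name_b: parse_session(text_b)}
    for local, remote in ((name_a, name_b), (name_b, name_a)):
        peers, saved = sessions[local]
        if remote not in peers:
            findings.append(f"{local}: no setencryption entry for {remote}")
        if not saved:
            findings.append(f"{local}: setencryption not followed by save")
    a = sessions[name_a][0].get(name_b)
    b = sessions[name_b][0].get(name_a)
    # Assumption: both ends must agree on key mode and Diffie-Hellman values.
    if a and b and a[0] != b[0]:
        findings.append(f"key mode mismatch: {a[0]} vs {b[0]}")
    if a and b and a[1] != b[1]:
        findings.append(f"DH values file mismatch: {a[1]} vs {b[1]}")
    return findings

# Constructed transcripts: HQ follows the sample; SOHO_BAD is deliberately wrong.
HQ = "-> remote setencryption DESE_1_KEY dh96.num SOHO\n-> save\n-> reboot\n"
SOHO_BAD = "-> remote setencryption DESE_2_KEY HQ\n-> reboot\n"

if __name__ == "__main__":
    for finding in check_link("HQ", HQ, "SOHO", SOHO_BAD):
        print(finding)
```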