User guide

Chapter 4. Configuring Special Features
Encryption
Note: Encryption is a software option. The following section applies only to routers with this option.
For routers shipped with the following encryption options, two variants of encrypted data links over PPP have
been implemented:
• PPP DES (Data Encryption Standard) (RFC 1969)
• Diffie-Hellman
Encryption requires PPP.
Caution: PPP DES and Diffie-Hellman encryption options may not be exported outside the United States or
Canada.
PPP DES (RFC 1969) Encryption
The PPP DES (Data Encryption Standard) implementation uses a 56-bit key with fixed transmit and receive keys that
are specified in each router. With RFC 1969, users must manage the keys. This implementation has been tested
for interoperability with other PPP DES vendors such as IBM and Network Express (part of Cabletron).
Configuration Notes
Simply add the encryption commands to your standard configuration. For PPP DES, the encryption
commands are:
remote setEncryption dese rx <key> <remoteName>
remote setEncryption dese tx <key> <remoteName>
Observe the following guidelines:
• PPP DES can only be configured using the Command Line Interface (CLI).
• The choice of keys should be carefully considered: they must have eight hexadecimal digits, and values
that are considered cryptographically weak should be avoided. Consult a security expert for advice.
• Use the console port or a Telnet port (use the system log command) to view error messages and progress.
If you see "Unknown protocol" errors, the router receive key and sender Tx key don't match.
• Different keys may be used with different remote destinations.
• For maximum security, as shown in the following configuration examples, Telnet and SNMP access
should be disabled, and PPP CHAP authentication should be used by both ends.
Sample Configuration
Refer to the section Sample Configurations, page 59, of this guide. The routers SOHO (the target router) and
HQ (the remote router) are configured in the same manner as shown in that section, but the following
encryption commands are added. Don't forget to save the configuration and reboot the router (save and
reboot commands).
Remember that the transmit key (tx) of SOHO is the receive key (rx) of HQ. Inversely, the receive key of
SOHO is the transmit key of HQ.
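
The tx/rx pairing rule above can be checked offline before the routers are rebooted, which catches the mismatch that otherwise shows up as "Unknown protocol" errors. This is an added example, not part of the original guide: the function names and sample keys are constructed, and the repeated-pattern test is a simple heuristic assumed here, not a complete list of cryptographically weak DES keys.

```python
import re

# Matches the guide's command form: remote setEncryption dese rx|tx <key> <remoteName>
CMD = re.compile(r"^remote\s+setEncryption\s+dese\s+(rx|tx)\s+(\S+)\s+(\S+)\s*$", re.I)
KEY_HEX_DIGITS = 8  # key length as stated in the guide's guidelines

def parse_keys(config_text):
    """Return {(remote_name, direction): key} for every PPP DES command."""
    keys = {}
    for line in config_text.splitlines():
        m = CMD.match(line.strip())
        if m:
            direction, key, remote = m.groups()
            keys[(remote, direction.lower())] = key.upper()
    return keys

def key_problems(key):
    """Format check plus a heuristic for trivially guessable keys (assumption,
    not a complete list of cryptographically weak DES keys)."""
    problems = []
    if not re.fullmatch(r"[0-9A-F]{%d}" % KEY_HEX_DIGITS, key):
        problems.append("not %d hexadecimal digits" % KEY_HEX_DIGITS)
    elif key == key[:2] * (len(key) // 2):
        problems.append("repeated byte pattern")
    return problems

def check_link(name_a, config_a, name_b, config_b):
    """Check that A's tx key is B's rx key and vice versa; return findings."""
    a, b = parse_keys(config_a), parse_keys(config_b)
    findings = []
    for sender, s_name, receiver, r_name in ((a, name_a, b, name_b), (b, name_b, a, name_a)):
        tx = sender.get((r_name, "tx"))    # sender's transmit key toward the peer
        rx = receiver.get((s_name, "rx"))  # peer's receive key for this sender
        if tx is None or rx is None:
            findings.append(f"{s_name}->{r_name}: key missing")
            continue
        if tx != rx:
            findings.append(f"{s_name}->{r_name}: tx/rx mismatch")
        findings += [f"{s_name}->{r_name}: {p}" for p in key_problems(tx)]
    return findings

# Constructed sample configurations (keys are made-up placeholders).
SOHO_CFG = """remote setEncryption dese rx 3A91C4E7 HQ
remote setEncryption dese tx 5D02B8F6 HQ"""
HQ_CFG = """remote setEncryption dese rx 5D02B8F6 SOHO
remote setEncryption dese tx 3A91C4E7 SOHO"""

if __name__ == "__main__":
    print(check_link("SOHO", SOHO_CFG, "HQ", HQ_CFG) or "keys pair up")
```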