User guide

The encryption algorithm for ESP
The encryption and authentication keys
Lifetime of encryption keys
The lifetime of the SA
Replay prevention sequence number and the replay bit table
An arbitrary 32-bit number called a Security Parameters Index (SPI), as well
as the destination host's address and the IPSEC protocol identifier, identify
each SA. An SPI is assigned to an SA when the SA is negotiated. The SA can
be referred to by using an SPI in AH and ESP transformations. An SA is
unidirectional. SAs are commonly set up as bundles, because typically two SAs
are required for communications. SA management is always done on bundles
(setup, delete, relay).
serial communication. Method of data transmission in which data bits are
transmitted sequentially over a communication channel.
SHA-1. An implementation of the U.S. Government Secure Hash Algorithm;
a 160-bit authentication algorithm.
Soft MBytes. Setting the Soft MBytes parameter forces the renegotiation of
the IPSec Security Associations (SAs) at the configured Soft MByte value.
The value can be configured between 1 and 1,000,000 MB and refers to data
traffic passed. If this value is not achieved, the Hard MBytes parameter is
enforced.
Soft Seconds. Setting the Soft Seconds parameter forces the renegotiation
of the IPSec Security Associations (SAs) at the configured Soft Seconds
value. The value can be configured between 60 and 1,000,000 seconds.
SPI. The Security Parameter Index is an identifier for the encryption and
authentication algorithm and key. The SPI indicates to the remote firewall
the algorithm and key being used to encrypt and authenticate a packet. It
should be a unique number greater than 255.
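As an added example (not code from this guide or the product it documents), the following Python model ties together the SA entry, the Soft MBytes and Soft Seconds lifetimes, and the SPI entry above: an SA keyed by (SPI, destination address, protocol) that reports when a soft limit (renegotiate) or hard limit (expire) is reached, and checks incoming sequence numbers against a replay bit window. The Hard MBytes/Hard Seconds fields, the 64-packet window width and the sample values are assumptions.

```python
from dataclasses import dataclass

WINDOW = 64  # replay window width in packets (assumed; the guide does not state a width)

@dataclass
class SecurityAssociation:
    spi: int                # Security Parameters Index, unique and > 255
    dst: str                # destination host address
    proto: str              # "ESP" or "AH"
    soft_mbytes: int        # renegotiate once this much traffic has passed
    hard_mbytes: int        # assumed hard limit: SA is torn down at this point
    soft_seconds: int
    hard_seconds: int       # assumed hard limit in seconds
    created: float          # time.time() when the SA was negotiated
    bytes_passed: int = 0
    highest_seq: int = 0    # highest sequence number accepted so far
    replay_bits: int = 0    # bitmap of seen seqs in (highest_seq - WINDOW, highest_seq]

    def lifetime_state(self, now: float) -> str:
        """'expired' once a hard limit is reached, 'rekey' once a soft limit is, else 'ok'."""
        mbytes = self.bytes_passed / (1024 * 1024)
        age = now - self.created
        if mbytes >= self.hard_mbytes or age >= self.hard_seconds:
            return "expired"
        if mbytes >= self.soft_mbytes or age >= self.soft_seconds:
            return "rekey"
        return "ok"

    def accept_sequence(self, seq: int) -> bool:
        """Sliding-window replay check: True if seq is new, False if replayed or too old."""
        if seq == 0:
            return False                      # sequence numbers start at 1
        if seq > self.highest_seq:            # advance the window to the right
            shift = seq - self.highest_seq
            self.replay_bits = ((self.replay_bits << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest_seq = seq
            return True
        offset = self.highest_seq - seq
        if offset >= WINDOW:
            return False                      # fell off the left edge of the window
        if self.replay_bits & (1 << offset):
            return False                      # already received: a replay
        self.replay_bits |= 1 << offset
        return True

def lookup_sa(sadb: dict, spi: int, dst: str, proto: str):
    """Inbound SAs are identified by the (SPI, destination address, protocol) triple."""
    return sadb.get((spi, dst, proto))
```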
SSL. Secure Sockets Layer. A protocol developed by Netscape for transmitting
private documents via the Internet. SSL uses a cryptographic system
that uses two keys to encrypt data: a public key known to everyone and a
private or secret key known only to the recipient of the message.