Avaya Configuring IPsec Services Manuel d'utilisateur télécharger pdf (Page 25)

Overview of IPsec

308630-15.1 Rev 00

1-7

IPsec Elements

IPsec has three important constructs:

• Security gateways

• Security policies

• Security associations

In the IPsec context, hosts communicate across an untrusted network through

security gateways (routers configured for IPsec interfaces). Security policies

determine how the IPsec interfaces handle data packets for the hosts on both ends

of a connection. Security associations apply IPsec services to data packets

traveling between the security gateways.

Figure 1-2

shows the logical relationship between security policies and security

associations.

Figure 1-2. IPsec Security Gateways, Security Policies, and Security Associations

IP0087A

Inbound process

Security associations

Inbound policies

criteria and action

(bypass, drop, log)

Outbound policies

criteria and action

(bypass, drop, log,

protect)

Outbound process

Security

policy

database

Unprotect SAs

Source/Dest Addr, SPI

Cipher Algo/Key,

Integrity Algo/Key

Protect SAs

Source/Dest Addr, SPI

Cipher Algo/Key,

Integrity Algo/Key

IPsec gateway Router interface

Untrusted

network

1 2 ... 20 21 22 23 24 25 26 27 28 29 30 ... 121 122

Pas de commentaire

Avaya Configuring IPsec Services Manuel d'utilisateur Page 25