Avaya Configuring IP Security Services Manuel d'utilisateur télécharger pdf (Page 42)

Configuring IPsec Services

2-6

304111-B Rev 00

To generate an NPK, use a method available at your site to create random 16-digit

hexadecimal numbers.

Entering an Initial NPK and a Seed for Encryption

Before you can enable IPsec on a router, you must enter an initial NPK and create

a seed for use by IPsec. You enter the NPK into a router locally, using the console

port and the secure shell section of the Technician Interface. A password protects

access to the secure shell.

IPsec uses the NPK to encrypt and decrypt the cipher and integrity keys, and it

uses the seed specified with the

kseed

command to generate random numbers

needed by IPsec and IKE.

You cannot access the NPK or the password using the MIB or the routine

Technician Interface debug commands, nor can you invoke the secure shell in a

Telnet session.

Note:

You can use the NPK Key Manager to generate NPKs. The NPK Key

Manager is available from the WEP Key Manager. To access it, open the main

window in Site Manager and choose Tools > WEP Key Manager > NPK

Manager. During IPsec processing, you can manually enter the same NPKs in

the Technician Interface. For detailed information, see Configuring Data

Encryption Services.

Caution:

Never use a terminal server to enter the NPK. Instead, use a laptop

computer that you can attach directly to the router. Protect the file containing

NPKs on the laptop.

1 2 ... 37 38 39 40 41 42 43 44 45 46 47 ... 99 100

Pas de commentaire

Avaya Configuring IP Security Services Manuel d'utilisateur Page 42