3Com 10014299 Network Router User Manual

Open as PDF

of 762

Configuring IPSec 567

The default mode is tunnel-encapsulation mode.

Select Security Protocol

After the transport mode is defined, it is necessary to select the security protocol

for the transport mode. The security protocols available at present include AH and

ESP, both of which can also be used at the same time. Both ends of security tunnel

must select the same security protocols.

The data encapsulation forms of various security protocols in transport and tunnel

mode are shown in the following figure:

Figure 173 Data encapsulation form of the security protocol

Please configure the following in IPSec Proposal view (or proposal view of crypto

card).

Table 637 Select Security Protocol

The security protocol esp-new prescribed in RFC2406 is used by default.

Selecting the Encryption

and Authentication

Algorithm

AH protocol cannot encrypt but authenticate packets. ESP in IPSec software

supports five security encryption algorithms that are 3des, des, blowfish, cast

and skipjack. There are seven kinds of security encryption algorithms supported

by ESP crypto card, which are 3des, des, blowfish, cast, skipjack, aes, and qc5.

The current security authentication algorithm includes MD5 (message digest

Version 5) and SHA (security hashing algorithm), both of which are HMAC

variables. HMAC is a hashing algorithm with key, which can authenticate data.

The algorithm md5 uses 128-bit key and the algorithm sha1 uses 160-bit key, and

the former calculates faster than the latter while the latter is more secure than the

former.

Both ends of security tunnel must select the same encryption algorithm and

authentication algorithm.

Restore the default message

encapsulating mode (applicable to IPSec

software and crypto card)

undo encapsulation-mode

Operation Command

Set security protocol used for IPSec

proposal (applicable to IPSec software and

crypto card)

transform { ah-new | esp-new |

ah-esp-new }

Restore the default security protocol

(applicable to IPSec software and crypto

card)

undo transform

Transmission mode

Encryption

protocol

transport tunnel

ah-new

esp-new

ah-esp-new

IP AH

data

IP AH

data

IP ESP

data

ESP-T

IP ESP

data

ESP-T

IP ESP

data

ESP-TAH

IP ESP

data

ESP-TAH

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

3Com 10014299 Network Router User Manual