17 CONFIGURING IPSEC
11.1 Release Notes, Using NETBuilder Family Software Version 11.0
Replace Chapter 17 with this chapter.
This chapter describes how to configure the IP Security Protocol (IPsec) on your IP
router. IPsec provides security at the network layer. Because IPsec is integrated into
IP itself, IPsec adds security to any link, regardless of the application used.
Before configuring IPsec, you should configure a tunneling protocol like PPTP. See
Chapter 12 for more information about PPTP.
It is recommended that IPSEC control or the PORT service control be disabled while
configuring policies and enabled only after all IPSEC policy and key set
configuration has been completed.
For conceptual information, see “How IPsec Works” on page 56.
Configuring IPsec
The procedures in this section describe how to configure IPsec.
Creating Policies
An IPsec policy consists of an action, the packet types that require the action, and
the source and destination addresses between which the action occurs. The
following three actions are supported:
■ Action AhXport provides data integrity and authentication.
■ Action EspXport provides data confidentiality through encryption.
■ Action AhEspXport provides data integrity and authentication and data
confidentiality through encryption.
To configure a security policy, use:
    ADD !<portlist> -IPSEC manualPOLicy <policy_name> <action> <filters>
        <src_ipaddr/mask> (<dst_ipaddr/mask> | DYNamic)
        [<encrypt_algorithm>] [<auth_algorithm>]
    <action> : AhEspXport | AhXport | EspXport
    <filters> : list of the following values separated by commas:
        GRE, ICMP, OSPF,
        TCP [(<src_port>,<dst_port>) ... up to 16 pairs],
        UDP [(<src_port>,<dst_port>) ... up to 16 pairs]
    <encrypt_algorithm> : 3DES2key | DES | RC5
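As an added pre-flight check that is not part of the NETBuilder software or these release notes, the following Python validator parses an ADD ... manualPOLicy line against the syntax above, so a policy can be checked before IPSEC control is re-enabled. It assumes the <filters> field contains no spaces and passes the authentication algorithm name through unchecked, since this excerpt does not list the permitted values.

```python
import ipaddress
import re

# Keyword values come from the syntax above; auth algorithm names are not in this excerpt.
ACTIONS = {"AhEspXport", "AhXport", "EspXport"}
ENCRYPT_ALGS = {"3DES2key", "DES", "RC5"}
FILTER_RE = re.compile(r"^(GRE|ICMP|OSPF|TCP|UDP)((?:\(\d{1,5},\d{1,5}\))*)$")
PAIR_RE = re.compile(r"\((\d{1,5}),(\d{1,5})\)")

def parse_filters(spec):
    """Validate the comma-separated <filters> field (assumes no spaces inside it)."""
    result = {}
    for entry in re.split(r",(?![^()]*\))", spec):  # split only on top-level commas
        m = FILTER_RE.match(entry)
        if not m:
            raise ValueError(f"bad filter entry {entry!r}")
        proto, pairs = m.group(1), PAIR_RE.findall(m.group(2))
        if pairs and proto not in ("TCP", "UDP"):
            raise ValueError(f"{proto} does not take port pairs")
        if len(pairs) > 16:
            raise ValueError(f"{proto}: more than 16 port pairs")
        ports = [(int(s), int(d)) for s, d in pairs]
        if any(p > 65535 for pair in ports for p in pair):
            raise ValueError(f"{proto}: port out of range")
        result[proto] = ports
    return result

def parse_policy(cmd):
    """Parse one 'ADD !<portlist> -IPSEC manualPOLicy ...' line; raise ValueError if invalid."""
    t = cmd.split()
    if (len(t) < 9 or t[0] != "ADD" or not t[1].startswith("!")
            or t[2] != "-IPSEC" or t[3].lower() != "manualpolicy"):
        raise ValueError("not an ADD !<portlist> -IPSEC manualPOLicy command")
    name, action, filters, src, dst, *opts = t[4:]
    if action not in ACTIONS or len(opts) > 2:
        raise ValueError(f"unknown action {action!r} or too many trailing fields")
    encrypt = opts[0] if opts else None
    if encrypt is not None and encrypt not in ENCRYPT_ALGS:
        raise ValueError(f"unknown encryption algorithm {encrypt!r}")
    return {
        "portlist": t[1][1:], "name": name, "action": action,
        "filters": parse_filters(filters),
        "src": ipaddress.ip_network(src, strict=False),  # raises on a bad addr/mask
        "dst": None if dst.lower() == "dynamic" else ipaddress.ip_network(dst, strict=False),
        "encrypt": encrypt, "auth": opts[1] if len(opts) > 1 else None,
    }

# Constructed sample (not from the release notes): web and DNS traffic between two subnets.
SAMPLE = ("ADD !1 -IPSEC manualPOLicy branch AhEspXport TCP(80,443),UDP(53,53),ICMP "
          "10.1.0.0/16 192.168.5.0/24 3DES2key")
```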