Filter
Top Products
6
IP SECURITY
Overview The 3CR990 NICs accelerate IP security (IPSec) data encryption from supported
operating systems that provide this offload capability. This feature is currently
available in the Microsoft Windows 2000 operating system.
IPSec consists of two parts: encryption/decryption and authentication. To send
or receive encrypted data in a PC running Windows 2000 with a 3CR990 NIC
installed, you must first create a security policy, and then enable encryption on
the NIC. The security policy establishes and defines how encrypted network traffic
between your PC and a specified server occurs.
Authentication enables the receiver to verify the sender of a packet by adding key
fields to a packet without altering the packet data content.
The following table shows the available levels of encryption:
Creating a
Security Policy
The process you use to create and enable a security policy will depend on your
network environment requirements. The following is an example of one approach
to creating a security policy.
Encryption
Type
Encryption
Level
Description
AH medium Authentication only
ESP high Authentication and encryption
Custom varies This provides encryption and an extra authentication that includes
the IP header.
Custom allows you to select options for both AH and ESP, such as
MD%/SHA-1 and DES/3DES. And you can select the rate at which
new keys are negotiated.
Microsoft uses IKE key exchange to renew keys every x seconds
or y bytes. However, this practice is computationally very high in
overhead. Some users may set these values low and have frequent
key updates. Users more concerned with performance will set
these values higher.
For more information, see the Microsoft documentation about
creating IPSec flows.
NOTE: You must complete all of the sequences in this section to establish
and enable a security policy for transmitting and receiving encrypted data over
the network.