H685 H820 VPN User Manual
E- L ins Technology Co.,Limited
Tel:
Chapter
Chapter
Chapter
Chapter 2
2
2
2
2
2
2
2 How
How
How
How to
to
to
to C
C
C
C onfig
onfig
onfig
onfig ure
ure
ure
ure IPSec
IPSec
IPSec
IPSec
IPSec provides authentication and encryption services to protect unauthorized
viewing or modification of data within your network or as it is transferred over an
unprotected network, such as the public Internet. IPSec is generally implemented in
two types of configurations:
� Site-to-site — this configuration is used between two IPSec security
gateways, such as PIX Firewall.
A
site-to-site VPN interconnects networks in
different geographic locations.
� Remote access — this configuration is used to allow secure remote access
for VPN clients, such as mobile users.
A
remote access VPN allows remote
users to securely access centralized network resources.
IPSec can be configured to work in two different modes:
� Tunnel Mode — This is the normal way in which IPSec is implemented
between two security gateways that are connected over an un - trusted
network, such as the public Internet
� Transport Mode — this method of implementing IPSec is typically done with
PPTP to allow authentication of remote Windows 2000 VPN clients.
The main task of IPSec is to allow the exchange of private information over an
insecure connection. IPSec uses encryption to protect information from interception or
eavesdropping. However, to use encryption efficiently, both parties should share a
secret that is used for both encryption and decrypting of the information.
IPSec operates in two phases to allow the confidential exchange of a shared secret:
� Phase 1, which handles the negotiation of security parameters required to
establish a secure channel between two IPSec peers. Phase 1 is generally
implemented through the Internet Key Exchange (IKE) protocol. If the remote
IPSec peer cannot do IKE, you can use manual configuration with pre-shared
keys to complete Phase 1.
� Phase 2, which uses the secure tunnel established in Phase 1 to exchange
the security parameters required to actually transmit user data.
The secure tunnels used in both phases of IPSec are based on security associations
(SAs) used at each IPSec end point. SAs describe the security parameters, such as
the type of authentication and encryption that both end points agree to use.
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentários a estes Manuais