beautypg.com

Siemens 5890 User Manual

Page 90

background image

SIEMENS 5890 DSL Router
User’s Guide

Chapter 6 Security Setup

IKE/IPSec Configuration

SIEMENS

84

IKE IPSec Proposals Definition

IKE IPSec Proposals specify how packets will be encrypted/authenticated for the final SA. IPSec uses SAs
(Security Associations) for making connections between two devices. An SA is an instance of a security policy
and keying material applied to a data flow. SAs are negotiated between the two connection endpoints and
contain information on sequence numbering.

An IPSec SA is unidirectional, applying to only one direction of data flow, so a set of SAs is needed for a
secure connection. For each security protocol used, one SA is needed for each direction (inbound and
outbound).

An IPSec connection uses a security protocol (AH or ESP) that authenticates the sender of each data packet.
Usually, only one security protocol is used for a connection, so the connection would use two SAs (one
inbound and one outbound). However, it is possible for the same connection to be configured to use both the
ESP and the AH protocol. In this case, four SAs would be required (one inbound and one outbound for the AH
protocol, and one inbound and one outbound for the ESP protocol.

To define a new IKE IPSec proposal:

1. Click Create next to IKE IPSec Proposals from the Advanced IKE/IPSec Setup page. This displays the IKE

IPSec Proposal Definition page.

2. In IPSec Proposal Name, enter the logical name for the IKE IPSec Proposal Definition. This name is of no

importance to the remote IKE peer.