Dascom 7010 PrintServer Manual User Manual

Internet Protocol Security (IPsec)
Table 7: Components of an IPsec policy

Component      Description
Filter list    A filter list contains one or several filters.
               A filter is the description of
               - IP traffic (IP address / IP address range) and
               - protocols and services that are used.
Filter action  This is the action to be carried out if a data packet matches the
               description of a filter. The following actions can be defined:
               - Allow IP data packets
               - Block IP data packets
               - Forward IP data packets via a ’security association’.
Rule           A rule is composed of a filter list and a filter action. Thus it is
               specified that a certain action belongs to a certain filter.

If an IP data packet is forwarded via a ’security association’, the actual IPsec security will be applied.

Security Association
A security association (SA) is the establishment of shared security information between two network entities. It serves as a basis for the use of IPsec and can be compared to a tunnel.
The SA specifies which security measures to use for a packet. SAs are established between sender and recipient. The following SA parameters are required:
• authentication method of the participants (pre-shared key or certificate)
• key algorithm to be used for the IPsec connection (see: Table 11)
• time after which another authentication is required (optional)
• time after which the IPsec key must be renewed (optional)
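The policy components from Table 7 and the SA parameters listed above, modelled as an added example (not code from the manual or from the print server's firmware). First-match rule ordering, the default "block" result, all names, the 192.0.2.0/24 addresses, TCP port 9100 and the "example-suite" algorithm label are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class SecurityAssociation:
    auth_method: str                      # "psk" or "certificate"
    key_algorithm: str                    # placeholder label, not a value from Table 11
    reauth_after_s: Optional[int] = None  # optional re-authentication time
    rekey_after_s: Optional[int] = None   # optional key renewal time

@dataclass(frozen=True)
class Filter:
    remote: str                 # IP address or address range (CIDR notation)
    protocol: str = "any"       # "tcp", "udp", "icmp" or "any"
    port: Optional[int] = None  # service port; None matches every port
    def matches(self, ip, protocol, port):
        net = ipaddress.ip_network(self.remote, strict=False)
        if ipaddress.ip_address(ip) not in net:
            return False
        if self.protocol not in ("any", protocol):
            return False
        return self.port is None or self.port == port

@dataclass(frozen=True)
class Rule:
    filters: tuple                            # the filter list
    action: str                               # "allow", "block" or "sa"
    sa: Optional[SecurityAssociation] = None  # set only when action is "sa"
    def __post_init__(self):
        if self.action not in ("allow", "block", "sa"):
            raise ValueError(f"unknown filter action: {self.action}")
        if (self.action == "sa") != (self.sa is not None):
            raise ValueError("an SA is needed for action 'sa' and for no other")

def evaluate(rules, ip, protocol, port, default="block"):
    """Return (action, sa) of the first rule whose filter list matches the packet."""
    for rule in rules:
        if any(f.matches(ip, protocol, port) for f in rule.filters):
            return rule.action, rule.sa
    return default, None  # assumption: unmatched traffic is blocked

# Constructed sample policy (assumed values, for illustration only).
ADMIN_SA = SecurityAssociation("certificate", "example-suite", rekey_after_s=3600)
POLICY = [
    Rule((Filter("192.0.2.10", "tcp", 9100),), "sa", ADMIN_SA),
    Rule((Filter("192.0.2.0/24", "tcp", 9100), Filter("192.0.2.0/24", "icmp")), "allow"),
    Rule((Filter("0.0.0.0/0"),), "block"),
]
```

Because evaluation here is first-match, the single-host SA rule has to sit above the broader allow rule for the same subnet; swapping them would let that host's traffic through without IPsec.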