Motorola 3347 User Manual

The encryption and authentication keys

Lifetime of encryption keys

The lifetime of the SA

Replay prevention sequence number and the replay bit table

An arbitrary 32-bit number called a Security Parameters Index
(SPI), as well as the destination host’s address and the IPSec
protocol identifier, identify each SA. An SPI is assigned to an SA
when the SA is negotiated. The SA can be referred to by using
an SPI in AH and ESP transformations. An SA is unidirectional. SAs
are commonly set up as bundles, because typically two SAs are
required for communications. SA management is always done
on bundles (setup, delete, relay).

serial communication. Method of data transmission in which
data bits are transmitted sequentially over a communication
channel.

SHA-1. An implementation of the U.S. Government Secure
Hash Algorithm; a 160-bit authentication algorithm.

Soft MBytes. Setting the Soft MBytes parameter forces the
renegotiation of the IPSec Security Associations (SAs) at the
configured Soft MByte value. The value can be configured
between 1 and 1,000,000 MB and refers to data traffic passed.

If this value is not achieved, the Hard MBytes parameter is
enforced.

Soft Seconds. Setting the Soft Seconds parameter forces the
renegotiation of the IPSec Security Associations (SAs) at the
configured Soft Seconds value. The value can be configured
between 60 and 1,000,000 seconds.
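
The following Python sketch is an added example, not code from the manual or the router firmware. It models how an SA is found by its identifying triple (SPI, destination address, protocol) and how the Soft MBytes and Soft Seconds limits trigger renegotiation before a hard limit ends the SA. The class names, the hard_sec field (an assumed time-based counterpart of Hard MBytes), the 2**20-byte megabyte and the "expired" handling (general IPsec behaviour, not stated in this glossary) are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address

MB = 1024 * 1024                       # assumption: 1 MB = 2**20 bytes
SOFT_MB = range(1, 1_000_001)          # Soft MBytes range from the glossary
SOFT_SEC = range(60, 1_000_001)        # Soft Seconds range from the glossary

@dataclass
class SA:
    spi: int        # arbitrary 32-bit Security Parameters Index
    dst: str        # destination host's address
    proto: str      # IPSec protocol identifier, "AH" or "ESP"
    soft_mb: int
    hard_mb: int    # Hard MBytes; value chosen by the caller
    soft_sec: int
    hard_sec: int   # assumed time-based counterpart of Hard MBytes
    bytes_passed: int = 0
    age_sec: int = 0

    def __post_init__(self):
        ip_address(self.dst)           # raises ValueError on a bad address
        if not 0 <= self.spi < 2**32 or self.proto not in ("AH", "ESP"):
            raise ValueError("bad SPI or protocol")
        if self.soft_mb not in SOFT_MB or self.soft_sec not in SOFT_SEC:
            raise ValueError("soft lifetime outside configurable range")
        if self.hard_mb < self.soft_mb or self.hard_sec < self.soft_sec:
            raise ValueError("hard lifetime must not be below soft lifetime")

    def state(self):
        """Return 'expired', 'renegotiate' or 'active' for this SA."""
        if self.bytes_passed >= self.hard_mb * MB or self.age_sec >= self.hard_sec:
            return "expired"           # hard limit enforced: stop using the SA
        if self.bytes_passed >= self.soft_mb * MB or self.age_sec >= self.soft_sec:
            return "renegotiate"       # soft limit: negotiate a replacement SA
        return "active"

class SADatabase:
    def __init__(self):
        self._sas = {}

    def add_bundle(self, *sas):
        """Install SAs together; each one covers a single direction."""
        for sa in sas:
            self._sas[(sa.spi, sa.dst, sa.proto)] = sa

    def lookup(self, spi, dst, proto):
        """Find the SA for a packet by its identifying triple."""
        return self._sas.get((spi, dst, proto))
```

Because each SA is unidirectional, a lookup with the outbound SPI and the inbound destination address returns nothing; the two directions of a tunnel are separate entries installed as one bundle.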