Transport mode and tunnel mode, Table 19, Draft: brocade confidential – Dell POWEREDGE M1000E User Manual

Web Tools Administrator’s Guide
53-1001772-01
IPsec concepts
From Web Tools, you can establish IPsec policies for FCIP implementations on 7800 extension
switches with the upgrade license, the 7500 extension switches and FR4-18i blades, and you can
establish IPsec policies for IP interfaces that provide management access to switches and control
processors.
There are several protocols and algorithms that can be applied. Choosing the protocols and
algorithms you want to use may be a matter of adapting to an implementation that is already in
place in your LAN, or you may need to do a significant amount of research and planning. The
supported protocols and algorithms are defined and described in the RFCs listed in Table 19.
Transport mode and tunnel mode
Transport mode adds an authentication header (AH) before the IP header. Only a single pair of
addresses is used (those in the IP header). When transport mode is used, both endpoints
implement IPsec.
Tunnel mode encapsulates an IP datagram in a new datagram, with a new IP header specifying the
addresses of the tunnel end points. IPsec is implemented between tunnel endpoints. IPsec is
transparent to the actual endpoints within the IP header in the original packet.
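
The following Python example, added here and not taken from the Brocade guide, tells the two modes apart on the wire for IPv4 packets that carry AH. It assumes the RFC 4302 layout, in which AH follows the outermost IP header and its Next Header field names what comes next: 4 (IP-in-IP) for an encapsulated datagram in tunnel mode, or an upper-layer protocol such as TCP in transport mode. The function names, addresses and SPI values are constructed for the example.

```python
import socket
import struct

AH, ESP, IPIP, TCP = 51, 50, 4, 6  # IANA IP protocol numbers

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 for this sample."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def ah_header(next_header, spi, seq, icv=bytes(12)):
    """RFC 4302 AH: next header, length, reserved, SPI, sequence number, ICV."""
    length = (12 + len(icv)) // 4 - 2  # AH length in 32-bit words, minus 2
    return struct.pack("!BBHII", next_header, length, 0, spi, seq) + icv

def addrs(ip_header):
    """Source and destination address of an IPv4 header, as dotted strings."""
    return (socket.inet_ntoa(ip_header[12:16]), socket.inet_ntoa(ip_header[16:20]))

def classify(packet):
    """Return (mode, outer address pair, inner address pair or None)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    ihl = (packet[0] & 0x0F) * 4
    outer, proto = addrs(packet), packet[9]
    if proto == ESP:  # ESP keeps Next Header in its trailer, normally encrypted
        return ("esp-mode-not-visible", outer, None)
    if proto != AH:
        return ("no-ipsec", outer, None)
    if len(packet) < ihl + 12:
        raise ValueError("truncated AH")
    next_header = packet[ihl]
    inner = packet[ihl + (packet[ihl + 1] + 2) * 4:]  # skip the whole AH
    if next_header != IPIP:
        return ("transport", outer, None)  # upper-layer protocol follows AH
    if len(inner) < 20:
        raise ValueError("truncated inner datagram")
    return ("tunnel", outer, addrs(inner))  # original datagram follows AH

# Constructed sample packets (documentation and private addresses, zeroed ICV).
SEGMENT = bytes(20)  # stand-in for a TCP segment
TRANSPORT = (ipv4_header("192.0.2.10", "192.0.2.20", AH, 24 + len(SEGMENT))
             + ah_header(TCP, 0x1000, 1) + SEGMENT)
ORIGINAL = ipv4_header("10.1.0.5", "10.2.0.9", TCP, len(SEGMENT)) + SEGMENT
TUNNEL = (ipv4_header("198.51.100.1", "203.0.113.1", AH, 24 + len(ORIGINAL))
          + ah_header(IPIP, 0x2000, 1) + ORIGINAL)

if __name__ == "__main__":
    for name, pkt in (("transport", TRANSPORT), ("tunnel", TUNNEL)):
        print(name, classify(pkt))
```

In the tunnel sample the outer pair is the two tunnel endpoints and the inner pair is the original hosts, while the transport sample exposes only the single address pair.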
TABLE 19    Relevant RFCs

RFC number    Title
RFC 4301      Security Architecture for the Internet Protocol
RFC 4302      IP Authentication Header
RFC 4303      IP Encapsulating Security Payload
RFC 4304      Extended Sequence Number (ESN) Addendum to IPsec Domain of Interpretation (DOI) for Internet Security Association and Key Management Protocol (ISAKMP)
RFC 4305      Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header
RFC 4869      Suite B Cryptographic Suites for IPsec
RFC 4309      Using Advanced Encryption Standard (AES) CCM Mode with IPsec Encapsulating Security Payload (ESP)
RFC 4306      Internet Key Exchange Version 2 (IKEv2) Protocol
RFC 4307      Cryptographic Algorithms for Internet Key Exchange Version 2 (IKEv2)
RFC 3971      Secure Neighbor Discovery
RFC 3972      Cryptographically Generated Addresses
RFC 3041      Privacy Extensions for Stateless Address Autoconfiguration in IPv6