IPsec Configuration, IPsec Overview – H3C Technologies H3C SecPath F1000-E User Manual
IPsec Configuration
This chapter includes these sections:
• Implementing Tunnel Interface-Based IPsec
• Configuring IPsec for IPv6 Routing Protocols
• Displaying and Maintaining IPsec
NOTE:
The term router in this document refers to network routing devices running a routing protocol.
IPsec Overview
IP Security (IPsec) refers to a series of protocols defined by the Internet Engineering Task Force (IETF) to provide high-quality, interoperable, cryptography-based security for IP packets. By means of facilities including encryption and data origin authentication, it delivers these security services at the IP layer:
• Confidentiality: The sender encrypts packets before transmitting them over the Internet.
• Data integrity: The receiver verifies the packets received from the sender to ensure they have not been tampered with during transmission.
• Data origin authentication: The receiver verifies the legitimacy of the sender.
• Anti-replay: The receiver examines packets and rejects outdated or repeated packets.
IPsec delivers these benefits:
• Reduced key negotiation overheads and streamlined IPsec maintenance by supporting the Internet Key Exchange (IKE) protocol, which provides automatic key negotiation and automatic IPsec security association (SA) setup and maintenance.
• Good compatibility. IPsec can be applied to all IP-based application systems and services without any modification to them.
• Encryption on a per-packet rather than per-flow basis. This allows for flexibility and greatly enhances IP security.
This section covers these topics:
• IPsec for IPv6 Routing Protocols