beautypg.com

Configuring ipsec, Feature and hardware compatibility, Ipsec overview – H3C Technologies H3C SecPath F1000-E User Manual

Page 163: Security protocols

background image

151

Configuring IPsec

The term "router" in this document refers to both routers and Layer 3 firewalls.

Feature and hardware compatibility

Feature F1000-A-EI/E-SI/S-AI

F1000-E

F5000-A5 Firewall

module

FIPS No

No

No

Yes

IPsec overview

IP Security (IPsec) is a security framework defined by the Internet Engineering Task Force (IETF) for

securing IP communications. It is a Layer 3 virtual private network (VPN) technology that transmits data

in a secure tunnel established between two endpoints.
IPsec guarantees the confidentiality, integrity, and authenticity of data and provides anti-replay service at
the IP layer in an insecure network environment.

Confidentiality—The sender encrypts packets before transmitting them over the Internet.

Data integrity—The receiver verifies the packets received from the sender to make sure that they are
not tampered with during transmission.

Data origin authentication—The receiver verifies the authenticity of the sender.

Anti-replay—The receiver examines packets and drops outdated and duplicate packets.

IPsec delivers these benefits:

Reduced key negotiation overheads and simplified maintenance by supporting the Internet Key
Exchange (IKE) protocol. IKE provides automatic key negotiation and automatic IPsec security

association (SA) setup and maintenance.

Good compatibility. You can apply IPsec to all IP-based application systems and services without
modifying them.

Encryption on a per-packet rather than per-flow basis. Per-packet encryption allows for flexibility
and greatly enhances IP security.

Security protocols

IPsec comprises a set of protocols for IP data security, including Authentication Header (AH),
Encapsulating Security Payload (ESP), IKE, and algorithms for authentication and encryption. AH and

ESP provides security services and IKE performs key exchange. For more information about IKE, see

"Configuring IKE."
IPsec provides two security mechanisms: authentication and encryption. The authentication mechanism

allows the receiver of an IP packet to authenticate the sender and check if the packet has been tampered
with. The encryption mechanism ensures data confidentiality and protects the data from being

eavesdropped en route.