Enterasys Networks CSX6000 User Manual

USER’S GUIDE

232 CyberSWITCH

CONFIGURING SECURITY ASSOCIATIONS AND AUTHENTICATION (IP SECURITY ONLY)

IP Security encryption configuration consists of the following elements:

• setting up security associations for Encapsulating Security Payload (ESP)
• optionally specifying keys for Authentication Headers (AH)

Security Associations are necessary for IP networks that plan to use an untrusted or unprotected
medium, such as the Internet. Security Associations identify the IP addresses for which exchanged
datagrams must be encrypted. They also provide the parameters necessary to encrypt and decrypt
IP datagrams. By default, the CyberSWITCH has no Security Associations. Therefore, to enable
encryption, you must specify these associations.

When configuring two CyberSWITCH nodes, the security association information from one node
must parallel the information on the other node. The parameters for Transform Menu, Shared Secret
Key, and Security Parameter Index must be the same on both nodes in order for the nodes to
communicate.

Likewise, if you plan to authenticate packets prior to encryption/decryption, the authentication
key information from one node must parallel the information on the other node.
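
The consistency requirement above can be checked offline before both nodes are put into service. The following Python sketch is an added example, not part of the Enterasys manual or of CFGEDIT: the record layout, the field names, and the transform and SPI values are assumptions, and "parallel" is taken to mean that each node's source subnet is the peer's destination subnet.

```python
import hmac
import ipaddress

# Fields the manual says must be the same on both nodes.
MUST_MATCH = ("transform", "spi", "shared_secret_key")
SECRET_FIELDS = {"shared_secret_key"}  # values are never echoed in a report


def network(addr, bits):
    """Build a subnet from address + significant mask bits; host bits must be zero."""
    return ipaddress.ip_network(f"{addr}/{bits}", strict=True)


def compare_associations(node_a, node_b):
    """Return a list of mismatch descriptions; an empty list means the pair is consistent."""
    problems = []
    for field in MUST_MATCH:
        a, b = str(node_a[field]), str(node_b[field])
        # Constant-time comparison, so the check does not leak key bytes via timing.
        if not hmac.compare_digest(a.encode(), b.encode()):
            shown = "<redacted>" if field in SECRET_FIELDS else f"{a!r} vs {b!r}"
            problems.append(f"{field} differs: {shown}")
    # Assumption: each node's source subnet must equal the peer's destination subnet.
    for mine, theirs in (("source", "destination"), ("destination", "source")):
        try:
            if network(*node_a[mine]) != network(*node_b[theirs]):
                problems.append(f"node A {mine} does not equal node B {theirs}")
        except ValueError as exc:
            problems.append(f"invalid subnet: {exc}")
    return problems


# Constructed sample records (hypothetical layout). Addresses and key are the
# sample answers from this page's CFGEDIT session; transform and SPI are placeholders.
NODE_A = {"transform": "TRANSFORM-PLACEHOLDER", "spi": 1000,
          "shared_secret_key": "AAABBB1234567890",
          "source": ("197.4.0.0", 16), "destination": ("197.1.0.0", 16)}
NODE_B_OK = dict(NODE_A, source=NODE_A["destination"], destination=NODE_A["source"])
# Mistyped key, and the default of 8 mask bits accepted for the source subnet.
NODE_B_BAD = dict(NODE_B_OK, shared_secret_key="AAABBB1234567891",
                  source=("197.1.0.0", 8))

if __name__ == "__main__":
    for label, peer in (("matching peer", NODE_B_OK), ("mismatched peer", NODE_B_BAD)):
        print(label, compare_associations(NODE_A, peer) or "consistent")
```

The report names the field that differs but redacts key material, so its output can be pasted into a change ticket without exposing the shared secret.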

USING CFGEDIT

1. From the CFGEDIT Main Menu, select Options.

2. Select IP Routing. If IP routing is disabled, enable this now.

3. Select IP Security Associations.

4. Select Add. Respond to the following series of questions:

Security Association Packet Direction Menu:

1) Outgoing (packets from trusted local subnet to remote site)
2) Incoming (packets to trusted local subnet from remote site)
3) Both outgoing and incoming

ID of the Direction for this Security Association [default = 3] ?

Enter the Final Destination IP address in dotted decimal notation or to cancel?
197.1.0.0

Enter the number of significant bits for the Subnet Mask [default = 8 ]? 16

Enter the Source IP Address in dotted decimal notation or to cancel? 197.4.0.0

Enter the number of significant bits for the Subnet Mask [default = 8]? 16

Enter the Destination Gateway/Router IP Address in dotted decimal notation or
to cancel? 197.1.1.1

Security Association IV Length Menu:
1) 32 bits
2) 64 bits

ID of IV length to use: [default = 2]?

Enter the Shared Secret Encryption Key for this Security Association:
AAABBB1234567890
