Enterasys Networks CSX6000 User Manual
Page 233
Central Site Remote Access Switch 233
C
ONFIGURING
E
NCRYPTION
Configuration
Note:
For the Final Destination and Source IP addresses, you may enter the entire address (i.e.,
197.1.2.2 vs. 197.1.0.0); however, the subnet mask will determine how many significant bits
the system will actually consider.
5.
The next series of questions pertain to the Authentication Header. To implement an
Authentication Header, select Authentication using MD5, and provide a shared secret
authentication key. If you do not wish to use an Authentication Header, select No
Authentication:
6.
Complete this IP Security configuration:
Refer to the Background Information section for a pertinent example of
configuration.
U
SING
M
ANAGE
M
ODE
Not currently supported.
C
ONFIGURING
L
INK
L
AYER
E
NCRYPTION
(PPP E
NCRYPTION
O
NLY
)
Link Layer Encryption provides encryption capabilities for all protocols within a PPP environment.
This feature allows you to:
•
enable encryption for PPP devices,
•
select either an automatic key exchange or manually-configured keys, and then
•
for manual-key configuration, assign key values to devices to encrypt/decrypt datagrams
U
SING
CFGEDIT
1.
From the CFGEDIT Main Menu, select Security.
2.
Select Device Level Databases.
3.
Select On-node device entries.
4.
Follow on-screen instructions to enable device level security, and then add a new (or change an
existing) device. Refer to
Configuring Device Level Databases
for details.
5.
From the Device Table Menu, select Encryption. A menu similar to the following will be
displayed:
Security Association Authentication Menu:
1) No Authentication
2) Authentication using MD5
3) Id of Authentication to use [default = 1]? 2
Enter the Shared Secret Authentication Key for this Association:
Enter the Security Parameter Index (SPI) for this Security Association: 12345678
Select function from above or