Enterasys Networks CSX6000 User Manual
Page 235
Central Site Remote Access Switch 235
CONFIGURING ENCRYPTION
Configuration
associations for incoming and outgoing packets. The incoming packet security association on site
“A” must match the outgoing packet security association on site “B” and vice versa.
FINAL DESTINATION IP ADDRESS
IP address using dotted decimal notation that specifies the remote (“destination”) trusted network
or host.
SUBNET MASK
The subnet mask identifies a subnetwork. The value of the mask determines which part of the
32-bit IP address is the “network” address. For example, if you have an IP address of 197.4.2.2 and
specify a 16-bit mask, the system recognizes the subnetwork as 197.4.0.0. The last two bytes (i.e., the
last 16 bits) of the IP address are ignored.
The subnet mask is specified by entering the number of contiguous bits that are set for the mask.
The mask bits start at the most significant bit of the IP address field and proceed to the least
significant bit. A subnet mask of 255.255.255.255 equals 32 bits; a subnet mask of 255.255.255.0
equals 24 bits, and so on.
GATEWAY/ROUTER IP ADDRESS
IP address using dotted decimal notation that provides access to (i.e., encryption and decryption
for) the remote trusted (sub)network or host. The IP address of the gateway must be on the
(sub)network connected to a defined interface.
SOURCE IP ADDRESS
IP address using dotted decimal notation that specifies the local (“source”) trusted network or host.
SECURITY ASSOCIATION IV LENGTH MENU
The IV or Initial Value Length refers to the number of bits to be added to a soon-to-be encrypted
datagram in order to make proper encryption calculations. Your choices are 32 bits or 64 bits; 64 is
the default.
SHARED SECRET ENCRYPTION KEY (IP NETWORK ENCRYPTION)
The shared secret key must be 64 bits (16 hexadecimal digits) in length. You must configure the
same shared secret on each CyberSWITCH node sharing this security association.
As opposed to a password, a shared secret is not sent across lines, and therefore is not susceptible
to interception. The shared secret is used to encrypt or decrypt data.
SECURITY ASSOCIATION AUTHENTICATION MENU (IP NETWORK ENCRYPTION)
This menu specifies whether or not to use an Authentication Header in addition to ESP encryption.
Choices are: No Authentication or Authentication using MD5.
AUTHENTICATION USING MD5 (IP NETWORK ENCRYPTION)
Specifies Authentication Header (AH) implementation using the Message Digest 5 (MD5)
algorithm with 128-bit keys. AH can be enabled (with appropriate shared secret keys) for each
individual security association.
SHARED SECRET AUTHENTICATION KEY (IP NETWORK ENCRYPTION)
The shared secret key must be 128 bits (32 hexadecimal digits) in length. You must configure the
same shared secret on each CyberSWITCH node sharing in the authentication implementation.
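
The field rules above can be checked before the values are entered on both nodes. The Python below is an added example, not code from this manual or from the vendor; the dictionary field names, the interface subnet list, and the sample addresses and keys are constructed for illustration. The check that each node's destination network covers the peer's source address is an assumption about what a matching association means.

```python
import ipaddress

HEX_DIGITS = set("0123456789abcdefABCDEF")

def is_hex(value, digits):
    return len(value) == digits and all(c in HEX_DIGITS for c in value)

def trusted_network(ip, mask_bits):
    # The mask is a count of contiguous bits; the remaining host bits are ignored.
    return ipaddress.ip_network(f"{ip}/{mask_bits}", strict=False)

def check_sa(sa, interface_subnets):
    """Return the problems found in one node's security association."""
    problems = []
    if sa["iv_bits"] not in (32, 64):
        problems.append("IV length must be 32 or 64 bits")
    if not is_hex(sa["encryption_key"], 16):
        problems.append("encryption key must be 16 hex digits (64 bits)")
    if sa["auth"] not in ("none", "md5"):
        problems.append("authentication must be 'none' or 'md5'")
    elif sa["auth"] == "md5" and not is_hex(sa.get("auth_key", ""), 32):
        problems.append("authentication key must be 32 hex digits (128 bits)")
    gateway = ipaddress.ip_address(sa["gateway_ip"])
    if not any(gateway in ipaddress.ip_network(n) for n in interface_subnets):
        problems.append("gateway is not on a subnet of a defined interface")
    return problems

def check_pair(a, b):
    """Return the fields on which two nodes sharing an association disagree."""
    shared = ("iv_bits", "encryption_key", "auth", "auth_key")
    mismatched = [f for f in shared
                  if str(a.get(f)).lower() != str(b.get(f)).lower()]
    # Assumption: each node's destination network covers the peer's source.
    for near, far in ((a, b), (b, a)):
        net = trusted_network(near["destination_ip"], near["mask_bits"])
        if ipaddress.ip_address(far["source_ip"]) not in net:
            mismatched.append("destination/source")
    return mismatched

# Constructed sample values: documentation address ranges and made-up keys.
SITE_A = {"source_ip": "192.0.2.10", "destination_ip": "198.51.100.0",
          "mask_bits": 24, "gateway_ip": "203.0.113.2", "iv_bits": 64,
          "encryption_key": "0123456789abcdef", "auth": "md5",
          "auth_key": "00112233445566778899aabbccddeeff"}
SITE_B = dict(SITE_A, source_ip="198.51.100.20", destination_ip="192.0.2.0",
              gateway_ip="203.0.113.1")

if __name__ == "__main__":
    print(check_sa(SITE_A, ["203.0.113.0/24"]), check_pair(SITE_A, SITE_B))
```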