beautypg.com

Link layer encryption, Link layer encryption: manually-configured keys, Link layer encryption 238 – Enterasys Networks CSX6000 User Manual

Page 238

background image

USER’S GUIDE

238 CyberSWITCH

On the CyberSWITCH, AH is added to a packet after ESP application. When a remote node receives
the encrypted packet, it first processes the authentication information in the AH. If the AH
information is valid, the node proceeds to decrypt the packet. If authentication fails, the packet is
dropped.

L

INK

L

AYER

E

NCRYPTION

Link layer encryption is available for WAN services using PPP (data-link layer) protocol. It
accommodates network layer protocols such as IP, IPX and AppleTalk protocols, and can also be
used for bridged data. Link layer encryption may use the DES algorithm along with configured
encryption keys, or it may use an automated key exchange. Link layer encryption (using either the
manual keys or the automated key exchange) is set up on a per-device basis. Device-level
authentication is required when using Link Layer encryption.

L

INK

L

AYER

E

NCRYPTION

: M

ANUALLY

-C

ONFIGURED

K

EYS

When using manually-configured keys, each device needs to have two keys - one for encrypting
outgoing data, and one for decrypting incoming data. These manually-configured keys need to
match the keys configured on the remote node. That is, the CyberSWITCH’s encryption key needs
to match the remote node’s decryption key, and vice versa.

The following graphic illustrates a CyberSWITCH encryption network using manually-configured
keys. The nodes are communicating via Point-to-Point Protocol over various types of WAN links:

dedicated lines

ISDN

Frame Relay

The CyberSWITCH will provide privacy for all communications across each of the WAN links by
encrypting data using DES. Communications on the LAN will be in the clear.

Frame Relay

ISDN

CSX5500

CSX5500

CSX5500

CSX100

PRI

DDS, SW56, T1, or FT1

BRI's

CSU

CSU

NT1

NT1

CSU

CSU

NT1

Bandwidth-on-Demand
Routing

Back-Up &
Overflow

"Larry"

"Moe"

"Curly"

"Corp"

Corp Encrypt Key: 001122334455667788
Decrypt Key: 1212ABCD2121DCBA

Corp Encrypt Key: ABCDEFABCDEFABCD
Decrypt Key: 2222222222222222

Corp Encrypt Key: 4321432143214321
Decrypt Key: 1234567890987654

Device Table Menu
Larry: Encrypt Key: 1212ABCD2121DCBA
Decrypt Key: 001122334455667788
Moe: Encrypt Key: 2222222222222222
Decrypt Key: ABCDEFABCDEFABCD
Curly: Encrypt Key: 1234567890987654
Decrypt Key: 4321432143214321

C A B L E T R O N S Y S T E M S

This manual is related to the following products: