
Ip security – Enterasys Networks CSX6000 User Manual


Central Site Remote Access Switch

THE CYBERSWITCH

Unique System Features

IP Security
The CyberSWITCH encryption option implements the Encapsulating Security Payload (ESP)
protocol. ESP allows you to use CyberSWITCH nodes to implement a Secure Wide Area
Network using the Internet as a backbone. ESP provides confidentiality of data transmissions
by encrypting them, so that packets intercepted in transit through the Internet cannot
be interpreted.

The CyberSWITCH encryption option supports ESP Tunnel mode, in which an entire IP
datagram (including its header) is encrypted and placed in a new IP datagram. This option
provides the flexibility to choose which IP addresses must be sent encrypted data, and which
may receive plain (unencrypted) data. The CyberSWITCH encryption option provides WAN
connectivity for up to 92 B channels (with PRI and/or BRI connections).
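The following sketch illustrates the tunnel-mode behaviour described above. It is an added example, not code from the manual or from the CyberSWITCH. The packet layout follows RFC 4303 without the IV and integrity check value, which is an assumption because the manual does not specify the wire format. The policy table, addresses, SPI, key and the stand-in cipher are all constructed for illustration.

```python
import hashlib, ipaddress, struct

ESP_PROTO, IPIP_PROTO = 50, 4  # IANA protocol numbers: ESP, IPv4-in-IPv4
# Constructed policy: destinations that must be sent encrypted data, with the
# tunnel endpoints, SPI and key of a hypothetical peer node.
POLICY = [(ipaddress.ip_network("10.2.0.0/16"),
           {"local": "192.0.2.1", "peer": "198.51.100.7", "spi": 0x1001, "key": b"demo-key"})]

def ipv4_header(src, dst, proto, payload_len):
    """Build a minimal 20-byte IPv4 header with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    s = sum(struct.unpack("!10H", hdr))
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return hdr[:10] + struct.pack("!H", ~s & 0xFFFF) + hdr[12:]

def stand_in_cipher(key, spi, seq, data):
    """XOR with a SHA-256 keystream. Placeholder for a real ESP cipher; NOT secure."""
    stream, ctr = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + struct.pack("!III", spi, seq, ctr)).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def send(datagram, seq):
    """Return what goes on the WAN: an ESP tunnel packet or the plain datagram."""
    dst = ipaddress.IPv4Address(datagram[16:20])
    for net, sa in POLICY:
        if dst in net:
            pad = -(len(datagram) + 2) % 4  # align the ESP trailer to 4 bytes
            trailer = bytes(range(1, pad + 1)) + bytes([pad, IPIP_PROTO])
            # The whole inner datagram, header included, is encrypted.
            body = stand_in_cipher(sa["key"], sa["spi"], seq, datagram + trailer)
            esp = struct.pack("!II", sa["spi"], seq) + body
            return ipv4_header(sa["local"], sa["peer"], ESP_PROTO, len(esp)) + esp
    return datagram  # destination may receive plain (unencrypted) data

def receive(packet, key):
    """Peer side: strip outer header, decrypt, drop the trailer, return inner datagram."""
    spi, seq = struct.unpack("!II", packet[20:28])
    plain = stand_in_cipher(key, spi, seq, packet[28:])
    pad, next_hdr = plain[-2], plain[-1]
    if next_hdr != IPIP_PROTO:
        raise ValueError("not a tunnel-mode IPv4 payload")
    return plain[:len(plain) - 2 - pad]
```

An observer on the Internet sees only the two tunnel endpoint addresses and protocol 50; the inner source and destination addresses travel inside the encrypted body.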

Link Layer Encryption
The CyberSWITCH can also perform encryption at the PPP layer, using the Encryption
Control Protocol with compatible devices.

Multiple MAC/IP Addresses
This feature allows two or more nodes to back up each other through the use of the Connection
Services Manager (CSM).

With this feature, two or more identically configured CyberSWITCH nodes on the same LAN
can be monitored by CSM. Should CSM notice some condition which precludes one of the
CyberSWITCH nodes from properly performing its function, it will order the other
CyberSWITCH node to take over the other’s duties by taking on its identity (i.e., its MAC and
IP addresses).

Packet Capture
In order to monitor incoming LAN data, the CyberSWITCH packet capture feature will allow
you to capture, display, save, and load bridged or routed data packets.

Protocol Discrimination
It is possible for multiple types of remote devices to use the same line. The system can
determine the device type and the protocol encapsulation used by remote devices.

RS232 Port: Dual Usage
If your installation requires you to process PPP-Async data, this feature allows you to use the
RS232 port for either console access or a serial data connection. This dual usage is possible
through the CyberSWITCH’s support of Autosense mode (the system default) and Terminal
mode:

Autosense mode determines whether you are trying to connect using a VT emulation or
PPP-Async, and connects you appropriately. (VT emulation requires you to perform four
carriage returns to receive a login prompt.)

Terminal mode assumes that you only want to connect using VT emulation. A login prompt
is displayed as soon as the connection is made.

Security
Security is a key issue for all central site network managers and is a priority with the
CyberSWITCH products. The products provide high-level features that help prevent unauthorized or
inadvertent access to critical data and resources. They support extensive security levels
including:

PPP PAP and CHAP
