EasyManua.ls Logo

Alcatel-Lucent OmniAccess 5740 - Best Practices for Deploying Ipsec VPN; Identity

Alcatel-Lucent OmniAccess 5740
1225 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Best Practices For Deploying IPsec VPN
Except on the first page, right running head:
Heading1 or Heading1NewPage text (automatic)
865
Alcatel-Lucent
Beta Beta
OmniAccess 5740 Unified Services Gateway CLI Configuration Guide
BEST PRACTICES FOR DEPLOYING IPSEC VPN
Virtual Private Networks are convenient, but they can also create gaping security
holes in the network. The following sections discuss general guidelines that needs
to be kept in mind but are independent of VPN configuration.
The following sections provide information on best practices for deploying IPsec
VPN:
“Identity”
“IPsec Access Control”
“IPsec”
“Network Address Translation”
“Network Access Control”
“Interoperability”
IDENTITY
It is important that the devices are identified in a secure and manageable manner.
Device authentication uses either a preshared key or digital certificates to provide
the device authentication.
P
RESHARED KEY
Preshared keys are of three types:
Unique—Unique preshared keys are tied to a specific IP address.
Group—Group preshared keys are tied to a group-name identity
Wild card—These keys are not associated with any factor unique information to
determine a peer's identity.
Since, a Wild Card Key is not tied to a specific IP address, it should not be used
when deploying site-to-site VPN tunnels. When using Wild Card keys, every
single device uses the same key. Hence, if a single device in the network has
been compromised and the wild card key has been determined, all the devices in
the network are compromised.
Using Unique preshared key is advisable. But the drawback of using preshared
key is that it would not scale in large networks. Providing strong device
authentication also would depend upon how often the keys are changed and the
key length. Most devices provide a maximum key length of 127 characters strong.
It is up to you to decide upon the key length. It is recommended to use a minimum
key length of 16 characters.
Note: The OmniAccess 5740 USG supports only unique preshared key to provide better
security.

Table of Contents

Other manuals for Alcatel-Lucent OmniAccess 5740

Preview: User Guide
User Guide360 pages
Preview: Cli Command Reference Guide
Cli Command Reference Guide1043 pages
Preview: Getting Started Guide
Getting Started Guide21 pages

Related product manuals