OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 18-1
18 Configuring IPsec
Internet Protocol security (IPsec) is a suite of protocols for securing IPv6 communications by
authenticating and/or encrypting each IPv6 packet in a data stream. IPsec is a framework of open standards
designed to provide interoperable, high-quality, cryptographically based security for IPv6 networks
through the use of appropriate security protocols, cryptographic algorithms, and cryptographic keys. The
set of security services offered includes access control, connectionless integrity, data origin authentication,
detection and rejection of replays (a form of partial sequence integrity), and confidentiality (via
encryption).
These security services are provided through use of two security protocols, the Authentication Header
(AH) and the Encapsulating Security Payload (ESP), and through the use of cryptographic key
management procedures and protocols.
In This Chapter
This chapter describes the basic components of IPsec and how to configure them through the Command
Line Interface (CLI). CLI commands are used in the configuration examples; for more details about the
syntax of commands, see the OmniSwitch AOS Release 8 CLI Reference Guide.
Configuration procedures described in this chapter include:
• Master Key Configuration (see “Configuring an IPsec Master Key” on page 18-10).
• Security Policy Configuration (see “Configuring an IPsec Policy” on page 18-11).
• Security Policy Rule Configuration (see “Configuring an IPsec Rule” on page 18-14).
• Assigning an Action to a Policy (see “Assigning an Action to a Policy” on page 18-13).
• SA Configuration (see “Configuring an IPsec SA” on page 18-15).
• Security Association Key Configuration (see “Configuring IPsec SA Keys” on page 18-16).
• Default Discard Policy (see “Enabling and Disabling Default Discard Policy” on page 18-19).
Note. The OmniSwitch currently supports IPsec for IPv6 only.