EasyManua.ls Logo

AudioCodes Mediant 8000 - Configuring IPSEC;IKE for Management Interfaces (on SC Boards); Mediant; Table 33-6: SNMP Management Modes

AudioCodes Mediant 8000
924 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Version 6.6 341 October 2014
Installation & Operation Manual 33. Configuring Security Settings
33.11.3 Configuring IPSEC/IKE for Management Interfaces (on SC
boards)
IPSEC/IKE protocols may be used to secure communication between the Media
Gateway and SNMP managers, Syslog servers and NTP servers. The Transport
mode IPSEC/IKE association between the Media Gateway and the EMS server is
configured via the tools ems command (see Configuring Connectivity between the
Media Gateway and the EMS Server on page 171). IPSEC/IKE associations between
the Media Gateway and additional SNMP managers and/or tunnel mode IPSEC/IKE
associations are configured as decribed below.
To configure IPSEC/IKE association for management interfaces, the following
configuration entities (MOs) are used:
SC IPSEC Rule represents a single IPSEC/IKE association on SC boards (that
handle all management traffic) ; up to 10 associations may be configured
SC IKE Proposal represents an IKE proposal (a set of encryption and
authentication protocols) used for specific SC IPSEC Rule; up to 4 proposals may
be configured for each rule
When IPSEC/IKE associations are configured for SNMP managers (EMS, NMS,
OSS), the actual mode of operation is determined by the selected SNMP management
mode.
Table
33-6: SNMP Management Modes
SNMP Management Mode Actual mode of Operation
SNMPv2
IPSEC/IKE associations may be configured for specific
SNMP managers. If such a configuration is performed,
management traffic between the Media Gateway and
specific SNMP manager is encrypted.
Access to incoming SNMP port 161 on the Media Gateway
iis not protected. As a result, unsecured SNMP managers,
provisioned with the correct public and private keys, may
connect to it.
SNMPv2 + IPSEC
IPSEC/IKE associations must be configured for all SNMP
managers who access the Media Gateway’s MIB.
IPSEC/IKE encryption is enforced on the incoming SNMP
port 161, therefore unsecured SNMP managers can’t
connect to it.
Unsecured SNMP managers (without proper IPSEC/IKE
association configured) may be used to receive SNMP
notifications (traps) from the Media Gateway.

Table of Contents

Related product manuals