Configuring Virtual Private Networking (VPN) Configure Internet Protocol security (IPsec)
Digi TransPort® Routers User Guide
470
Configure Internet Protocol security (IPsec)
IPsec (Internet Protocol security) is a group of protocols and standards for protecting data during
transmission over the internet (which is inherently insecure). Various levels of support for IPsec can be
provided on the router depending on the model. The web pages located under Configuration >
Network > Virtual Private Networking (VPN) > IPsec set the various parameters and options that
are available. Note, however, that this is a complex area; you should have a good understanding of
user authentication and data encryption techniques before you begin. For further information refer to
the IPsec and VPNs section in this manual. Also check the Technical Notes section of the Digi
International web site at www.digi.com for the latest IPsec application notes.
The first stage in establishing a secure link between two endpoints on an IP network is for those two
endpoints to securely exchange some information about each other. This enables the endpoint
responding to the request to decide whether it wishes to enter a secure dialogue with the endpoint
requesting it. To achieve this, the two endpoints commonly identify themselves and verify the identity
of the other party. They must do this in a secure manner so that the exchange cannot be listened in
on by any third party. The Internet Key Exchange (IKE) protocol performs this checking and, if
everything matches up, it creates a Security Association (SA) between the two endpoints, normally
one for data being sent to the remote end and one for data being received from it.
Once this initial association exists, the two devices can securely negotiate which security protocols
they would like to use to establish a secure data link: what sort of encryption and/or authentication
they can use, and what sources and destinations they will accept. When this second stage is complete
(and provided that both systems have agreed what they will do), IPsec will have set up its own
Security Associations, which it uses to test incoming and outgoing data packets for eligibility and to
apply the agreed security operations before passing them into the tunnel or relaying them out of it.
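A small model of the two-stage negotiation described above, as an added example that is not part of the Digi manual or the router firmware: the second stage picks a mutually acceptable proposal, builds the unidirectional SA pair, and checks packets against the accepted sources and destinations. The proposal names, networks and addresses are constructed for illustration.

```python
# Added example (not from the Digi manual): a model of the two-stage IPsec negotiation.
# Proposal names, subnets and addresses below are constructed sample values.
from ipaddress import ip_network, ip_address
from dataclasses import dataclass

@dataclass(frozen=True)
class Proposal:
    encryption: str      # e.g. "AES-256"
    authentication: str  # e.g. "SHA-256"

@dataclass(frozen=True)
class SecurityAssociation:
    direction: str       # "out" or "in": IPsec SAs are unidirectional, one per direction
    local_net: str       # sources the SA accepts (outgoing) / destinations it accepts (incoming)
    remote_net: str      # destinations the SA accepts (outgoing) / sources it accepts (incoming)
    proposal: Proposal

def negotiate_proposal(initiator_offers, responder_accepts):
    """Second stage: choose the first proposal offered by the initiator that the responder
    also accepts. Returns None when there is no overlap, so no tunnel can be built."""
    for offer in initiator_offers:
        if offer in responder_accepts:
            return offer
    return None

def build_sa_pair(local_net, remote_net, proposal):
    """Create the agreed SAs: one for data sent to the remote end, one for data received."""
    return (SecurityAssociation("out", local_net, remote_net, proposal),
            SecurityAssociation("in", local_net, remote_net, proposal))

def eligible(sa, src, dst):
    """Test a packet for eligibility against an SA's accepted sources/destinations.
    Outgoing: src must be in the local network and dst in the remote one; incoming reverses this."""
    local, remote = ip_network(sa.local_net), ip_network(sa.remote_net)
    if sa.direction == "out":
        return ip_address(src) in local and ip_address(dst) in remote
    return ip_address(src) in remote and ip_address(dst) in local

def demo():
    # Constructed sample: the initiator offers two proposals, the responder accepts only the
    # stronger one, so that is what the tunnel will use.
    offers = [Proposal("AES-256", "SHA-256"), Proposal("3DES", "MD5")]
    accepts = {Proposal("AES-256", "SHA-256"), Proposal("AES-128", "SHA-1")}
    chosen = negotiate_proposal(offers, accepts)
    out_sa, in_sa = build_sa_pair("192.168.10.0/24", "10.0.0.0/24", chosen)
    return chosen, out_sa, in_sa
```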