Configure Virtual Private Networking (VPN) IPsec parameters
Digi TransPort WR Routers User Guide 406
IPsec parameters
IPsec (Internet Protocol security) is a group of protocols and standards for protecting data during
transmission over the internet (which is inherently insecure). Various levels of support for IPsec can
be provided on the router depending on the model. The web pages located under the
Configuration > Network > Virtual Private Networking (VPN) > IPsec set the various parameters
and options that are available. You should note however that this is a complex area and you should
have a good understanding of user authentication and data encryption techniques before you
commence. For further information refer to the IPsec and VPNs section in this manual. Also check
the Technical Notes section of the Digi International web site at www.digi.com for the latest IPsec
application notes.
The first stage in establishing a secure link between two endpoints on an IP network is for those two
points to securely exchange a little information about each other. This enables the endpoint
responding to the request to decide whether it wishes to enter a secure dialogue with the endpoint
requesting it. To achieve this, the two endpoints commonly identify themselves and verify the
identity of the other party. They must do this in a secure manner so that the process cannot be
listened in to by any third party. The IKE protocol performs this checking and if everything matches
up it creates a Security Association (SA) between the two endpoints, normally one for data being
sent to the remote end and one for data being received from it.
Once this initial association exists the two devices can talk securely about and exchange
information on what kind of security protocols they would like to use to establish a secure data link,
such as what sort of encryption and/or authentication they can use and what sources/destinations
they will accept. When this second stage is complete (and provided that both systems have agreed
what they will do), IPSec will have set up its own Security Associations which it uses to test incoming
and outgoing data packets for eligibility and perform security operations on before passing them
down or relaying them from the tunnel.
To Next Page
Loading...
