HP 5920 Series Configuration Guide

Configuring IPsec
The term "interface" in this chapter collectively refers to Layer 3 interfaces, including VLAN interfaces
and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by using the port
link-mode route command (see Layer 2—LAN Switching Configuration Guide).
CAUTION:
• If you configure both IPsec and QoS on an interface, make sure the IPsec traffic classification rules match
the QoS traffic classification rules. If the rules do not match, QoS might classify the packets of one IPsec
SA to different queues, causing packets to be sent out of order. When IPsec anti-replay is enabled, IPsec
will drop the incoming packets that are out of the anti-replay window, resulting in packet loss. IPsec
traffic classification rules are determined by the referenced ACL rules. For information about QoS
classification rules, see ACL and QoS Configuration Guide.
• ACLs for IPsec take effect only on traffic that is generated by the device and traffic that is destined for the
device. They do not take effect on traffic forwarded through the device.
Overview
IP Security (IPsec) is defined by the IETF to provide interoperable, high-quality, cryptographically-based
security for IP communications. It is a Layer 3 VPN technology that transmits data in a secure channel
established between two endpoints (such as two security gateways). Such a secure channel is usually
called an IPsec tunnel.
IPsec is a security framework that comprises the following protocols and algorithms:
• Authentication Header (AH).
• Encapsulating Security Payload (ESP).
• Internet Key Exchange (IKE).
• Algorithms for authentication and encryption.
AH and ESP are security protocols that provide security services. IKE performs automatic key exchange.
For more information about IKE, see "Configuring IKE."
IPsec provides the following security services for data packets in the IP layer:
• Confidentiality—The sender encrypts packets before transmitting them over the Internet, protecting
the packets from being eavesdropped en route.
• Data integrity—The receiver verifies the packets received from the sender to make sure they are not
tampered with during transmission.
• Data origin authentication—The receiver verifies the authenticity of the sender.
• Anti-replay—The receiver examines packets and drops outdated and duplicate packets.
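The anti-replay service listed above and the QoS reordering problem described in the CAUTION, as an added example that is not part of the HP guide: a sliding-window check in the style of RFC 4303, fed a constructed arrival order in which some packets of one SA sit in a slower queue. The window size of 64, the class and function names, and the queue-delay model are assumptions for illustration, not the switch's implementation.

```python
# Added example: sliding-window anti-replay check in the style of RFC 4303.
# Window size and arrival orders are constructed, not values from the device.

class AntiReplayWindow:
    def __init__(self, size=64):
        self.size = size
        self.top = 0       # highest sequence number accepted so far
        self.bitmap = 0    # bit i set => sequence (top - i) already seen

    def accept(self, seq):
        """Return 'ok', 'duplicate' or 'outdated' and update the window."""
        if seq == 0:
            return "outdated"          # sequence numbers start at 1
        if seq > self.top:             # new highest: slide the window forward
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return "ok"
        offset = self.top - seq
        if offset >= self.size:
            return "outdated"          # older than the window: dropped
        if self.bitmap & (1 << offset):
            return "duplicate"         # already seen: replay, dropped
        self.bitmap |= 1 << offset     # late but inside the window: accepted
        return "ok"


def receive(arrival_order, size=64):
    """Feed sequence numbers in arrival order and count the verdicts."""
    win = AntiReplayWindow(size)
    counts = {"ok": 0, "duplicate": 0, "outdated": 0}
    for seq in arrival_order:
        counts[win.accept(seq)] += 1
    return counts


def split_by_qos(total, delayed_every, delay):
    """Packets 1..total of one SA; every Nth is classified into a slower
    queue and arrives `delay` positions late (hypothetical mismatch model)."""
    fast = [(s, s) for s in range(1, total + 1) if s % delayed_every]
    slow = [(s + delay, s) for s in range(1, total + 1) if s % delayed_every == 0]
    return [s for _, s in sorted(fast + slow)]


if __name__ == "__main__":
    print("delay 20 :", receive(split_by_qos(200, 4, 20)))
    print("delay 100:", receive(split_by_qos(200, 4, 100)))
```

With a delay shorter than the window every packet is accepted; once the slower queue lags by more than the window, legitimate packets are dropped as outdated even though nothing was replayed.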
IPsec delivers the following benefits:
• Reduced key negotiation overhead and simplified maintenance by supporting the IKE protocol. IKE
provides automatic key negotiation and automatic IPsec security association (SA) setup and
maintenance.
