5–Managing Switches
Configuring the Network
59266-01 B 5-35
Security Policies
A security policy defines the following parameters:
Connection source and destination
Data traffic direction: inbound or outbound
Protocols for which to protect data traffic
Security protocols; Authentication Header (AH) or Encapsulating Security
Payload (ESP)
Level of protection: IP Security, discard, or none
Policies can define security for host-to-host, host-to-gateway, and
gateway-to-gateway connections; one policy for each direction. For example, to
secure the connection between two hosts, you need two policies: one for
outbound traffic from the source to the destination, and another for inbound traffic
to the source from the destination. You can specify sources and destinations by IP
addresses (version 4 or 6) or DNS host names. If a host name resolves to more
than one IP address, the switch creates the necessary policies and associations.
You can recognize these dynamic policies and associations because their names
begin with DynamicSP_ and DynamicSA_, respectively.
You can apply IP security to all communication between two systems, or to select
protocols, such as ICMP, TCP, or UDP. Furthermore, instead of applying IP
security, you can choose to discard all inbound or outbound traffic, or allow all
traffic without encryption. Both the AH and ESP security protocols provide source
authentication, ensure data integrity, and protect against replay.
To create a policy, click Add on the Security Policy Database side of the Create
IPsec Configuration dialog box. This opens the Create IPsec Security Policy
dialog box (Figure 5-17). Table 5-7 describes the text boxes in the Create IP
Security Policy dialog box.
Copy Copies the selected association or policy. This puts the association or pol-
icy into the
workstation clipboard. When you paste a copy, it is added to
the list.
Paste
Pastes an association or policy from the workstation clipboard into the
corresponding database. The newly created associations must be edited
to make them unique.
Export
Saves the selected association/policy configuration to an
XML file
Import
Imports an association or policy from an XML file
Table 5-6. IPsec Configuration Dialog Box Buttons
Button Description
To Next Page
Loading...
Need help?
General
