Avaya Configuring Integrated IP Security Instrukcja Użytkownika Pobierz pdf (Strona 31)

Getting Started with IPsec

304111-A Rev 00

2-7

Security Associations for Bidirectional Traffic

A security association provides security services to data packets traveling in one

direction between secure gateways. To secure the traffic between two security

gateways in both directions, you must configure a protect SA for data transmitted

from the local IPsec interface and an unprotect SA for data received by the local

IPsec interface (Figure 2-4)

Figure 2-4. Security Associations for Bidirectional Traffic

Security Parameter Index (SPI)

A security parameter index (SPI) is an arbitrary but unique 32-bit value that, when

combined with the IP destination address and the numeric value of the security

protocol used (ESP), uniquely identifies the SA for a data packet. Although the

SPI field is 32-bit, the configuration allows only 16-bit entries.

IPsec discards any incoming ESP packet if the security parameter index (SPI)

does not match any SA in the security associations database (SAD).

IP0079A

Network

Security gateway Security gateway

132.245.145.195

132.245.145.205

Protect SA

Source: 132.245.145.205

Destination: 132.245.145.195

Protect SA

Source: 132.245.145.195

Destination: 132.245.145.205

Unprotect SA

Source: 132.245.145.205

Destination: 132.245.145.195

Unprotect SA

Source: 132.245.145.195

Destination: 132.245.145.205

1 2 ... 26 27 28 29 30 31 32 33 34 35 36 ... 71 72

Brak uwag

Avaya Configuring Integrated IP Security Instrukcja Użytkownika Strona 31