
Overview of IPsec
304111-B Rev 00
1-9
Inbound Policies
An inbound policy determines how a security gateway processes data packets
received from an untrusted network. Every packet arriving at a security gateway is
compared with the policy criteria to determine whether it matches an IPsec policy for
that router. If the incoming packet matches a bypass policy, the router accepts the
packet and, if the policy is so configured, logs it.
If the packet does not match any policy or matches a drop policy, the router rejects
the packet. When a packet does not match any policy, IPsec’s default action is to
drop it.
For an inbound security policy, the action may be:
• Drop
• Bypass
• Log
Drop and bypass are mutually exclusive. The log action may be added to either, or
used alone.
Outbound Policies
An outbound policy determines how a security gateway processes data packets for
transmission across an untrusted network. You must assign an outbound policy for
all unicast traffic leaving an IPsec interface.
For an outbound policy, the action specification may be:
• Protect
• Drop
• Bypass
• Log
Any outbound policy with a protect action specification is mapped to a Protect
SA. See “Summarizing Security Policies and SAs” on page 1-14 for detailed
information about Protect and Unprotect SAs.
Drop, protect, and bypass are mutually exclusive. The log action may be added to
any of the three, or used alone.
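The action rules from the Inbound Policies and Outbound Policies sections above, modelled as an added Python example (not code from this manual or from the router software). The match criteria (source and destination prefixes), first-match ordering, and the handling of a log-only match as logged and then dropped by default are assumptions that this page does not specify.

```python
import ipaddress
from dataclasses import dataclass

# Actions the page lists per direction, and the subsets it calls mutually exclusive.
ALLOWED = {"inbound": {"drop", "bypass", "log"},
           "outbound": {"protect", "drop", "bypass", "log"}}
EXCLUSIVE = {"inbound": {"drop", "bypass"},
             "outbound": {"protect", "drop", "bypass"}}

def validate_actions(direction, actions):
    """Return a list of problems with an action specification (empty = valid)."""
    actions = set(actions)
    problems = []
    if not actions:
        problems.append("no action given")
    unknown = actions - ALLOWED[direction]
    if unknown:
        problems.append(f"not valid for {direction}: {sorted(unknown)}")
    clash = actions & EXCLUSIVE[direction]
    if len(clash) > 1:
        problems.append(f"mutually exclusive: {sorted(clash)}")
    return problems

@dataclass
class Policy:
    name: str
    src: str            # source prefix (assumed match criterion)
    dst: str            # destination prefix (assumed match criterion)
    actions: frozenset

def evaluate_inbound(policies, src_ip, dst_ip):
    """Return (verdict, logged, policy_name) for one inbound packet."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for p in policies:  # first match wins (assumption)
        if src in ipaddress.ip_network(p.src) and dst in ipaddress.ip_network(p.dst):
            # Assumption: a log-only match is logged, then takes the default drop.
            verdict = "accept" if "bypass" in p.actions else "reject"
            return verdict, "log" in p.actions, p.name
    return "reject", False, None  # no policy matched: IPsec's default action is drop

# Constructed sample policy table (documentation address ranges, not from the manual).
POLICIES = [
    Policy("mgmt-bypass", "192.0.2.0/24", "198.51.100.10/32", frozenset({"bypass", "log"})),
    Policy("block-net", "203.0.113.0/24", "0.0.0.0/0", frozenset({"drop"})),
]
```

A packet from an address that no entry in the table covers is rejected without a log record, which is why traffic that must be audited needs an explicit policy carrying the log action.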