
Configuring IPsec Services
1-14
304111-B Rev 00
Summarizing Security Policies and SAs
Table 1-1 and Table 1-2 provide a framework for understanding IPsec policies and
SAs. They provide examples of how policies and SAs might be implemented, but
are not meant to be comprehensive.
In Table 1-1, each row defines the policy specification for the policy named in the
first column. For example, the “blue” policy specifies two criteria -- IP source
address and IP destination address -- and the “drop” action. This might be used to
discard all traffic from an undesirable site.
The “yellow” and “green” policies specify a Protect SA action. The yellow policy
covers traffic in just one protocol (TCP) to a particular subnet, while the green
policy covers all traffic to particular addresses.
The “black” policy specifies the Protocol criterion only and the “bypass” action.
In this case the ICMP protocol (typically used for PING functions) is passed
through the security gateway without IPsec encryption.
You may define SA parameters (automatically or manually) for a policy
immediately after you specify the policy using them (Table 1-2).
Table 1-1. Security Policy Specifications

Policy Name   Protocol    IP Source Address        IP Destination Address   Action
Blue          (any)       IP address               IP address               Drop
Yellow        6 (TCP)     IP subnet                IP subnet                Protect SA
Green         (any)       Range of IP addresses    Range of IP addresses    Protect SA
Black         1 (ICMP)    Any                      IP address               Bypass
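The following is an added illustration, not code from the manual or from the gateway it documents: a minimal security policy database that evaluates packets against the four Table 1-1 policies in order and returns the matching action. The selector kinds (any, single address, subnet, inclusive address range), the policy names, the placeholder addresses (RFC 5737 documentation ranges) and the first-match walk with a drop default for unmatched traffic are assumptions made for the example; the real gateway's ordering and default behaviour are not stated on this page.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

IP = ipaddress.IPv4Address


def match_addr(selector, addr):
    """Return True if `addr` satisfies one of the address selector kinds in Table 1-1.

    selector may be None (Any), an IPv4Network (IP subnet), a (lo, hi) tuple
    (inclusive range of IP addresses) or a single IPv4Address (IP address).
    """
    if selector is None:                               # "Any"
        return True
    if isinstance(selector, ipaddress.IPv4Network):    # "IP subnet"
        return addr in selector
    if isinstance(selector, tuple):                    # "Range of IP addresses"
        lo, hi = selector
        return lo <= addr <= hi
    return addr == selector                            # single "IP address"


@dataclass(frozen=True)
class Policy:
    name: str
    protocol: Optional[int]   # IP protocol number; None means any protocol
    src: object               # source selector, see match_addr()
    dst: object               # destination selector, see match_addr()
    action: str               # "drop", "protect" (Protect SA) or "bypass"


def matches(policy, proto, src, dst):
    """All criteria of a policy must hold for the packet."""
    return ((policy.protocol is None or policy.protocol == proto)
            and match_addr(policy.src, src)
            and match_addr(policy.dst, dst))


def lookup(spd, proto, src, dst):
    """First-match walk of an ordered policy list.

    Returns (policy name, action). Traffic that matches no policy is dropped;
    this default is an assumption of the example, not something the page states.
    """
    s, d = IP(src), IP(dst)
    for p in spd:
        if matches(p, proto, s, d):
            return p.name, p.action
    return None, "drop"


# Constructed policy database mirroring Table 1-1 (addresses are placeholders).
# Note that the green range lies inside the yellow subnet, so order decides
# which policy a TCP packet from that range hits.
SPD = [
    Policy("blue", None, IP("203.0.113.9"), IP("192.0.2.10"), "drop"),
    Policy("yellow", 6,
           ipaddress.IPv4Network("198.51.100.0/24"),
           ipaddress.IPv4Network("192.0.2.0/24"), "protect"),
    Policy("green", None,
           (IP("198.51.100.200"), IP("198.51.100.220")),
           (IP("192.0.2.100"), IP("192.0.2.110")), "protect"),
    Policy("black", 1, None, IP("192.0.2.10"), "bypass"),
]

if __name__ == "__main__":
    for proto, src, dst in [(6, "203.0.113.9", "192.0.2.10"),
                            (6, "198.51.100.5", "192.0.2.10"),
                            (17, "198.51.100.205", "192.0.2.105"),
                            (1, "10.0.0.1", "192.0.2.10"),
                            (17, "198.51.100.5", "192.0.2.10")]:
        print(proto, src, "->", dst, lookup(SPD, proto, src, dst))
```

The walk is deliberately first-match: the "blue" drop policy sits ahead of the protect policies so that traffic from the undesirable site is discarded even when its destination would otherwise be protected, and a UDP packet from the yellow subnet matches nothing and falls through to the default.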