Avaya Configuring IPsec Services Manuale Utente Scaricare il pdf (Pagina 32)

Configuring IPsec Services

1-14

308630-15.1 Rev 00

Examples of Security Policies and Security Associations

Table 1-1 and Table 1-2 provide examples of how policies and SAs can be

implemented. For more detailed examples of how to configure security policies

and SAs, see Appendix C, “

Configuration Examples.”

In Table 1-1

, each row defines the policy specification for the policy named in the

first column. For example, the “blue” policy specifies two criteria—IP source

address and IP destination address—and the “drop” action. This policy might be

used to discard all traffic from an undesirable site.

The “yellow” and “green” policies specify a Protect SA action. The yellow policy

applies to traffic in just one protocol (TCP) to a particular subnet; the green policy

covers all traffic to particular addresses.

The “black” policy specifies the Protocol criterion only and the “bypass” action.

In this case the protocol ICMP (typically used for ping functions) is passed

through the security gateway without IPsec encryption.

You can define SA parameters (automatically or manually) for a policy

immediately after you create the policy that uses them (Table 1-2)

Table 1-1. Security Policy Specifications

Policy Name Protocol

IP Source

Address

IP Destination

Address Action

Blue (any) IP address IP address Drop

Yellow 6 (TCP) IP subnet IP subnet Protect SA

Green (any) Range of

IP addresses

Range of

IP addresses

Protect SA

Black 1 (ICMP) Any IP address Bypass

1 2 ... 27 28 29 30 31 32 33 34 35 36 37 ... 121 122

Nessun commento

Avaya Configuring IPsec Services Manuale Utente Pagina 32