
6 Tunneling
VPN 3002 Hardware Client User Guide
Configuration | System | Tunneling Protocols
This section lets you configure the IPSec tunneling protocol.
1. Click IPSec.
Figure 6-1: Configuration | System | Tunneling Protocols screen
Configuration | System | Tunneling Protocols | IPSec
The VPN 3002 implements the IPSec protocol and is specifically designed to work with the VPN
Concentrator. IPSec provides the most complete architecture for VPN tunnels and is widely regarded as
the most secure of the tunneling protocols.
In IPSec terminology, a “peer” is a remote-access client or another secure gateway. During tunnel
establishment under IPSec, the two peers negotiate Security Associations that govern authentication,
encryption, encapsulation, key management, etc. These negotiations involve two phases: first, to
establish the tunnel (the IKE SA); and second, to govern traffic within the tunnel (the IPSec SA).
The VPN 3002 initiates all tunnels with the VPN Concentrator; the Concentrator functions only as the
responder. The VPN 3002, as initiator, proposes SAs; the responder accepts, rejects, or makes
counter-proposals, all according to its configured SA parameters. To establish a connection, both
entities must agree on the SAs.
The Cisco VPN 3002 supports these IPSec attributes, but they are configurable on the central-site
Concentrator, not on the VPN 3002:
• Main mode for negotiating phase one of establishing ISAKMP Security Associations (SAs)
• Aggressive mode for negotiating phase one of establishing ISAKMP SAs
• Authentication Algorithms:
– ESP-MD5-HMAC-128
– ESP-SHA1-HMAC-160
• Authentication Modes:
– Preshared Keys
– X.509 Digital Certificates
• Diffie-Hellman Groups 1 and 2
• Encryption Algorithms:
– DES-56
– 3DES-168
• Extended Authentication (XAuth)
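The two-phase negotiation described above (initiator proposes, responder accepts, rejects or counter-proposes, and the IPSec SA is only negotiated once the IKE SA exists) is easy to get wrong when reasoning about why a tunnel fails to come up. The following is an added illustration, not Cisco code from this guide: it models that exchange using the attribute values from the list above. The policy structure, the rule that the responder answers with its own most preferred proposal among those offered, and the initiator's "fallback" list of counter-proposals it will accept are all assumptions of this toy model, not VPN 3002 or Concentrator behaviour.

```python
"""Toy model of IKE phase 1 / phase 2 SA negotiation between an initiator
(the VPN 3002) and a responder (the VPN Concentrator).

Added example, not Cisco code. Attribute values mirror the manual's list;
the policy layout and negotiation rules are assumptions of this model.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

Proposal = Tuple[Tuple[str, str], ...]   # sorted (attribute, value) pairs, hashable


def proposal(**attrs: str) -> Proposal:
    """Build one SA proposal, e.g. proposal(encryption="3DES-168", auth="ESP-SHA1-HMAC-160")."""
    return tuple(sorted(attrs.items()))


def negotiate(offered: List[Proposal], acceptable: List[Proposal]) -> Tuple[str, Optional[Proposal]]:
    """Responder side of one phase.

    `offered`    : proposals sent by the initiator.
    `acceptable` : the responder's configured policy, most preferred first.
    Rule (assumption): answer with the responder's most preferred proposal that
    the initiator also offered; if nothing overlaps, counter-propose the
    responder's top choice; an empty policy means reject outright.
    """
    offered_set = set(offered)
    for p in acceptable:
        if p in offered_set:
            return "accept", p
    if acceptable:
        return "counter", acceptable[0]
    return "reject", None


@dataclass
class Initiator:
    """The VPN 3002 side: proposals per phase, plus (assumption) the
    proposals it is willing to accept if the responder counter-proposes."""
    phase1: List[Proposal]
    phase2: List[Proposal]
    fallback: List[Proposal] = field(default_factory=list)


@dataclass
class Responder:
    """The VPN Concentrator side: per-phase policy, most preferred first."""
    phase1: List[Proposal]
    phase2: List[Proposal]


@dataclass
class TunnelResult:
    ike_sa: Optional[Proposal] = None     # phase 1 outcome
    ipsec_sa: Optional[Proposal] = None   # phase 2 outcome
    log: List[str] = field(default_factory=list)

    @property
    def established(self) -> bool:
        return self.ike_sa is not None and self.ipsec_sa is not None


def run_phase(name: str, offered: List[Proposal], fallback: List[Proposal],
              acceptable: List[Proposal], log: List[str]) -> Optional[Proposal]:
    verdict, chosen = negotiate(offered, acceptable)
    log.append(f"{name}: responder {verdict}s {dict(chosen) if chosen else 'nothing'}")
    if verdict == "accept":
        return chosen
    if verdict == "counter" and chosen in fallback:
        log.append(f"{name}: initiator accepts the counter-proposal")
        return chosen
    log.append(f"{name}: no agreement")
    return None


def establish_tunnel(init: Initiator, resp: Responder) -> TunnelResult:
    """Phase 2 (IPSec SA) is attempted only after phase 1 (IKE SA) succeeds."""
    result = TunnelResult()
    result.ike_sa = run_phase("phase 1 (IKE SA)", init.phase1, init.fallback, resp.phase1, result.log)
    if result.ike_sa is None:
        return result
    result.ipsec_sa = run_phase("phase 2 (IPSec SA)", init.phase2, init.fallback, resp.phase2, result.log)
    return result


# Constructed sample proposals built from the attribute values the manual lists.
P1_WEAK = proposal(mode="aggressive", auth="preshared", dh_group="1", encryption="DES-56", hash="MD5")
P1_STRONG = proposal(mode="main", auth="certificate", dh_group="2", encryption="3DES-168", hash="SHA1")
P2_DES_MD5 = proposal(encryption="DES-56", auth="ESP-MD5-HMAC-128")
P2_3DES_SHA = proposal(encryption="3DES-168", auth="ESP-SHA1-HMAC-160")

# Hypothetical Concentrator policy: only the stronger transform set in each phase.
CONCENTRATOR = Responder(phase1=[P1_STRONG], phase2=[P2_3DES_SHA])

if __name__ == "__main__":
    # Client offers both sets: the responder picks its preferred one in each phase.
    ok = establish_tunnel(Initiator([P1_WEAK, P1_STRONG], [P2_DES_MD5, P2_3DES_SHA]), CONCENTRATOR)
    # Client offers only the weak set and will not take a counter-proposal: phase 1 fails,
    # so phase 2 is never attempted.
    bad = establish_tunnel(Initiator([P1_WEAK], [P2_3DES_SHA]), CONCENTRATOR)
    for r in (ok, bad):
        print("\n".join(r.log), "->", "established" if r.established else "failed", "\n")
```

Two practical points the model makes visible: a phase 2 mismatch leaves a valid IKE SA behind with no traffic-carrying IPSec SA (a common "tunnel up but nothing flows" symptom), and because these attributes are configured on the central-site Concentrator rather than on the VPN 3002, the responder's policy is what decides which set wins. DES-56, MD5, Diffie-Hellman group 1 and aggressive mode with pre-shared keys are all considered weak by current standards, so a practitioner auditing such a deployment would check that the Concentrator policy excludes them rather than relying on the client's proposal order.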