Академический Документы
Профессиональный Документы
Культура Документы
Page 1 Copyright © 2019 Huawei Technologies Co., Ltd. All rights reserved.
Objectives
Upon completion of this section, you will be able to:
Explain the basic principles of the IPSec security architecture.
Page 2 Copyright © 2019 Huawei Technologies Co., Ltd. All rights reserved.
IPSec VPN Application
Branch
HQ
IPSec Tunnel
Page 3 Copyright © 2019 Huawei Technologies Co., Ltd. All rights reserved.
IPSec VPN Architecture
Authentication
MD5
AH
SHA-1
SHA-2
ESP
Encryption
DES
3DES
AES
IPSec Tunnel
IP AH TCP Data
AH
Authentication
IP AH IP TCP Data
AH
Authenticati
on
Ensure Reachability
Page 8 Copyright © 2019 Huawei Technologies Co., Ltd. All rights reserved.
IPSec VPN Configuration
RTA RTB
20.1.1.1/24 20.1.1.2/24
G0/0/1 G0/0/1
IPSec Tunnel
10.1.1.1/24 10.1.2.1/24
Page 9 Copyright © 2019 Huawei Technologies Co., Ltd. All rights reserved.
IPSec VPN Proposal Verification
RTA RTB
20.1.1.1/24 20.1.1.2/24
G0/0/1 G0/0/1
IPSec Tunnel
10.1.1.1/24 10.1.2.1/24
The IPSec policy is bound to the physical interface via which the IPSec peer
is reachable.
Page 12 Copyright © 2019 Huawei Technologies Co., Ltd. All rights reserved.
IPSec Policy Verification
...
Inbound ESP setting:
ESP SPI: 12345 (0x3039)
ESP string-key: huawei
ESP encryption hex key:
ESP authentication hex key:
Outbound ESP setting:
ESP SPI: 54321 (0xd431)
ESP string-key: huawei
ESP encryption hex key:
ESP authentication hex key:
...
What are the three possible actions that may be applied to IPSec filtered traffic?
Page 15 Copyright © 2019 Huawei Technologies Co., Ltd. All rights reserved.
Thank You
www.huawei.com