Billion Electric Company BiGuard 30 User Manual

E.2.1.3  Security Associations (SA) 
 
Security Associations are one-way relationships between sender and receiver that 
specify IPSec-related parameters. They provide data protection by using the 
defined IPSec protocols, and allow organizations to control, according to the security 
policy in effect, which resources may communicate securely. 
 
An SA is identified by three parameters: 
- Security Parameters Index (SPI), a locally unique value 
- Destination IP Address 
- Security Protocol (AH or ESP, but not both) 
 
There are several other parameters associated with an SA that are stored in a 
Security Association database. 
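
The lookup described above, as an added Python example that is not part of the BiGuard manual: it derives the (SPI, destination IP address, security protocol) triple from an inbound IPv4 packet and uses it as the key into a Security Association database. The names SAKey, sa_key_from_packet, lookup, build_ipv4 and SAD, and the sample addresses and SPI values, are constructed for this example.

```python
import ipaddress
import struct
from dataclasses import dataclass

ESP, AH = 50, 51  # IP protocol numbers for the two IPSec security protocols

@dataclass(frozen=True)
class SAKey:
    """The three parameters that identify an SA."""
    spi: int
    dst: ipaddress.IPv4Address
    proto: int

def sa_key_from_packet(pkt: bytes) -> SAKey:
    """Derive the SA lookup triple from a raw IPv4 packet carrying AH or ESP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4              # IPv4 header length in bytes
    proto = pkt[9]
    if proto == ESP:
        off = ihl                          # ESP header starts with the SPI
    elif proto == AH:
        off = ihl + 4                      # AH: next header, length, reserved, then SPI
    else:
        raise ValueError("not an AH or ESP packet")
    if ihl < 20 or len(pkt) < off + 4:
        raise ValueError("truncated or malformed header")
    (spi,) = struct.unpack_from("!I", pkt, off)
    return SAKey(spi, ipaddress.IPv4Address(pkt[16:20]), proto)

def lookup(sad: dict, pkt: bytes):
    """Return the SA entry for an inbound packet, or None if no SA matches."""
    return sad.get(sa_key_from_packet(pkt))

def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (checksum left at 0) for the constructed samples."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload

# Constructed SAD: SAs are one-way, so a bidirectional ESP link needs two entries.
SAD = {
    SAKey(0x1001, ipaddress.IPv4Address("198.51.100.2"), ESP): {"direction": "A to B"},
    SAKey(0x2002, ipaddress.IPv4Address("192.0.2.1"), ESP): {"direction": "B to A"},
}
```

A packet that reuses a known SPI but arrives for a different destination address, or under AH instead of ESP, does not match any entry, because all three parameters form the key.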
 
E.2.2  IPSec Modes 
 
To exchange data between different types of VPNs, IPSec provides two major 
modes: 
 
- Tunnel Mode 
This mode is used for host-to-host security. Protection extends to the payload of IP 
data, and the IP addresses of the hosts must be public IP addresses. 
 
[Figure: packet format showing the fields Sequence Number, SPI, Authentication Data, Data, Next Header, Pad Length, Pad and IV]