Avaya 3.7 User Manual
Issuer Certificates
Issue 4 May 2005
315
Dynamic VPNs
Dynamic VPNs are VPNs that can be readily scaled as dictated by business
demands. As the remote client user population grows, the authentication and
session configuration information for each new user must necessarily also
grow. By maintaining this information not in the security gateway’s flash
memory but on a dedicated network host device, the number of users becomes
unlimited. Two techniques of achieving this functionality normally used are
LDAP or RADIUS.
demands. As the remote client user population grows, the authentication and
session configuration information for each new user must necessarily also
grow. By maintaining this information not in the security gateway’s flash
memory but on a dedicated network host device, the number of users becomes
unlimited. Two techniques of achieving this functionality normally used are
LDAP or RADIUS.
Dyna Policy
An Avaya VPN term relating to a dynamic configuration download of VPN
session security parameters to the remote client computer upon connection to a
security gateway. This technique assures maximum security in a VPN session.
session security parameters to the remote client computer upon connection to a
security gateway. This technique assures maximum security in a VPN session.
E
Encapsulation
The process of placing the contents of one packet into that of payload of
another packet.
another packet.
Extranet security
gateway
gateway
It is possible to create a Group associated with a security gateway that is not
managed by your company’s VPNmanager. This happens when creating
“extranets,” or VPNs between partner corporations. In an extranet, each
corporate network uses VPN components that are managed separately by each
company’s system administrator.
managed by your company’s VPNmanager. This happens when creating
“extranets,” or VPNs between partner corporations. In an extranet, each
corporate network uses VPN components that are managed separately by each
company’s system administrator.
F
Firewall
A network device acting as a filter to restrict access to private network
resources from the public. Filtering typically is based on the types of packets
exchanged between two devices on the network.
resources from the public. Filtering typically is based on the types of packets
exchanged between two devices on the network.
H
Heartbeat
A special VPN packet broadcast by a primary security gateway used to facilitate
the resilient tunnel function.
the resilient tunnel function.
IKE (Internet Key
Exchange)
Exchange)
A key-management protocol, IKE defines procedures and packet formats to
establish, negotiate, modify and delete Security Associations (SAs) and defines
payloads for exchanging key generation and authentication data. These
formats provide a consistent framework for transferring key and authentication
data which is independent of the key generation technique, encryption
algorithm and authentication mechanism. Now combined with Oakley to form
IKE.
establish, negotiate, modify and delete Security Associations (SAs) and defines
payloads for exchanging key generation and authentication data. These
formats provide a consistent framework for transferring key and authentication
data which is independent of the key generation technique, encryption
algorithm and authentication mechanism. Now combined with Oakley to form
IKE.
IP Groups
IP Groups are a convenient means of managing your VPN resources. IP
Groups are collections of IP network mask pairs associated with security
gateways, hosts, and workstations located behind the security gateway.
Groups are collections of IP network mask pairs associated with security
gateways, hosts, and workstations located behind the security gateway.
IPSec
The network cryptographic protocols for protecting IP packets.
ISAKMP
The key-management protocol used in conjunction with IPSec.
Issuer Certificates
See Certificates, Issuer