Nortel Networks 608(WL) User Manual

Chapter 2
SpeedTouch™ IPSec terminology
E-DOC-CTC-20051017-0169 v1.0
2.1 Policy
What is ...
Security is all about traffic policies and these can be configured using the IPSec 
policy commands. By default, policy rules are automatically generated when the 
IPSec connection is created and the user does not need to execute extra commands.
A set of rules defines whether a packet has to pass through a secure tunnel or not. 
These rules are expressed in terms of IP addresses, protocols and/or ports that have 
access to the secure connections. The user specifies and configures a general policy 
according to the overall security policy and the VPN network topology.
Static policy
In a static network environment with fixed IP addresses, the policy can be 
completely defined, and specific rules can be expressed in the configuration.
Dynamic policy
In a more dynamic network environment, where IP addresses are dynamically 
assigned, or where terminals may connect from various unknown locations, it may 
be impossible to express a specific policy in the router configuration. In order to 
cope with this situation, the SpeedTouch™ allows expressing a general policy in the 
configuration. This general policy may include some placeholders for information 
that becomes available only during the Security Association negotiations. The 
specific policy rules are automatically derived from the general policy and the 
outcome of the negotiations.
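
The following is an added example, not taken from the manual and not SpeedTouch™ CLI syntax: a small Python model of how a static rule selects traffic for the tunnel and how a specific rule is derived from a general policy once the negotiation supplies the missing address. The names Rule, PLACEHOLDER, derive and needs_tunnel, the rule that an unresolved general policy selects no traffic, and the sample addresses are all assumptions of this model.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional

PLACEHOLDER = "<negotiated>"  # hypothetical marker, not SpeedTouch syntax

@dataclass(frozen=True)
class Rule:
    local: str                  # CIDR of the protected local network
    remote: str                 # CIDR of the remote side, or PLACEHOLDER
    protocol: str = "any"       # "tcp", "udp", ... or "any"
    port: Optional[int] = None  # destination port, None means any port

    @property
    def specific(self) -> bool:
        return PLACEHOLDER not in (self.local, self.remote)

def derive(general: Rule, negotiated: dict) -> Rule:
    """Fill the placeholders of a general rule from the negotiation outcome."""
    filled = {f: negotiated[f] for f in ("local", "remote")
              if getattr(general, f) == PLACEHOLDER}
    for value in filled.values():
        ipaddress.ip_network(value)  # raises ValueError on a malformed value
    return replace(general, **filled)

def matches(rule: Rule, src: str, dst: str, protocol: str, port: int) -> bool:
    if not rule.specific:
        return False  # model assumption: unresolved rules select no traffic
    return (ipaddress.ip_address(src) in ipaddress.ip_network(rule.local)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.remote)
            and rule.protocol in ("any", protocol)
            and rule.port in (None, port))

def needs_tunnel(rules, src, dst, protocol, port) -> bool:
    """True when any rule selects the packet for the secure tunnel."""
    return any(matches(r, src, dst, protocol, port) for r in rules)

# Constructed sample data (documentation address ranges, not from the manual).
STATIC = Rule("192.0.2.0/24", "198.51.100.0/24", "tcp", 443)
GENERAL = Rule("192.0.2.0/24", PLACEHOLDER)
DERIVED = derive(GENERAL, {"remote": "203.0.113.7/32"})

if __name__ == "__main__":
    for pkt in [("192.0.2.10", "198.51.100.5", "tcp", 443),
                ("192.0.2.10", "203.0.113.7", "udp", 53),
                ("192.0.2.10", "203.0.113.8", "udp", 53)]:
        print(pkt, needs_tunnel([STATIC, DERIVED], *pkt))
```

In this model the derived rule covers only the single negotiated peer address, so traffic to a neighbouring address is not selected for the tunnel.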