Alcatel-Lucent 6850-48 Network Guide

IPsec Overview
Configuring IPsec
page 27-10
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
tion is a management tool used to enforce a security policy in the IPsec environment. An SA specifies the encryption and authentication used between communicating peers.
Manually configured SAs are unidirectional; bidirectional communication requires at least two SAs, one for each direction. Manually configured SAs are specified by a combination of their Security Parameter Index (SPI), source address, and destination address. However, multiple SAs can be configured for the same source and destination combination. Such SAs are distinguished by a unique SPI.
SA Keys
Keys are used for encrypting and authenticating the traffic. Key lengths must match what is required by the encryption or authentication algorithm specified in the SA. Key values may be specified either in hexadecimal format or as a string.
Note. The OmniSwitch currently supports manually configured SAs only. 
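The checks below are an added example, not taken from the OmniSwitch guide: they audit a set of manually configured SAs for the three properties described above (unique SPI/source/destination, one SA per direction, key length matching the algorithm). The dictionary field names, the algorithm labels, and the "0x" prefix for hexadecimal keys are assumptions; the key sizes are those of the standard IPsec algorithms, and which of them the switch supports is not stated on this page.

```python
# Added example: audit manually configured SAs. Field names, algorithm labels
# and the "0x" hex prefix are assumptions, not OmniSwitch syntax.
from collections import Counter

# Key sizes in bytes from the algorithm RFCs (2403, 2404, 2405, 2451, 3602).
KEY_BYTES = {
    "des-cbc": {8}, "3des-cbc": {24}, "aes-cbc": {16, 24, 32},
    "hmac-md5": {16}, "hmac-sha1": {20},
}

def key_len(key):
    """Length in bytes of a key given as 0x-prefixed hex or as a plain string."""
    if key.lower().startswith("0x"):
        return len(bytes.fromhex(key[2:]))  # ValueError on odd-length/invalid hex
    return len(key.encode())

def check_sas(sas):
    """Return a list of problems found in a list of SA dicts."""
    problems = []
    ids = Counter((sa["spi"], sa["src"], sa["dst"]) for sa in sas)
    problems += [f"duplicate SA identifier {i}" for i, n in ids.items() if n > 1]
    flows = {(sa["src"], sa["dst"]) for sa in sas}
    for src, dst in sorted(flows):
        if (dst, src) not in flows:  # SAs are unidirectional
            problems.append(f"no return SA for {src} -> {dst}")
    for sa in sas:
        for alg_field, key_field in (("enc", "enc_key"), ("auth", "auth_key")):
            alg = sa.get(alg_field)
            if alg is None:
                continue
            try:
                n = key_len(sa[key_field])
            except ValueError:
                problems.append(f"SPI {sa['spi']}: {key_field} is not valid hex")
                continue
            if n not in KEY_BYTES[alg]:
                problems.append(f"SPI {sa['spi']}: {alg} key is {n} bytes, "
                                f"expected {sorted(KEY_BYTES[alg])}")
    return problems

# Constructed sample: two SAs for the same direction, distinguished only by SPI.
SAMPLE = [
    {"spi": 9901, "src": "2001:db8::1", "dst": "2001:db8::2",
     "enc": "aes-cbc", "enc_key": "0x" + "11" * 16,
     "auth": "hmac-sha1", "auth_key": "0x" + "22" * 20},
    {"spi": 9902, "src": "2001:db8::1", "dst": "2001:db8::2",
     "enc": "3des-cbc", "enc_key": "short-key"},
]
```

Running `check_sas(SAMPLE)` reports the missing return-direction SA and the 9-byte string key supplied for 3DES.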
Discarding Traffic using IPsec
In order to discard IP datagrams, a policy is configured in the same manner as an IPsec security policy, the difference being that the action is set to ‘discard’ instead of ‘ipsec’. A discard policy can prevent IPv6 traffic from traversing the network.