
7-3
Cisco Catalyst 4000 Access Gateway Module Installation and Configuration Note
OL-3008-01
Chapter 7 Configuring Encryption Services
Configuring the Encryption Service Adapter
Configure the Internet Key Exchange Security Protocol
The second step is to establish an Internet Key Exchange (IKE) Security Protocol for encryption.
The Internet Key Exchange (IKE) protocol is a key management protocol standard that is used in
conjunction with the IPSec standard. IPSec is an IP security feature that provides robust authentication
and encryption of IP packets. IPSec can be configured without IKE, but IKE enhances IPSec by
providing additional features, flexibility, and ease of configuration for the IPSec standard. (For more
information on IPSec, see the “Configuring IPSec Network Security” section on page 7-3.)
To configure an IKE Security Protocol, follow this procedure:
For information on how to create a private or public key and to download a certificate, visit the following
website:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt4/scdipsec.htm
Configuring IPSec Network Security
The third step is to define how the T1 data will be handled. This requires that you use IPSec (IP Security
Protocol) security.
IPSec is a framework of open standards that provides data confidentiality, data integrity, and data
authentication between participating peers. IPSec provides these security services at the IP layer; it uses
IKE to handle negotiation of protocols and algorithms based on local policy, and to generate the
Step 1
Command: gateway(config)# crypto isakmp policy priority
Purpose: Creates an IKE policy(1) with a unique priority number and enters Internet Security Association and Key Management Protocol (ISAKMP(2)) policy configuration mode.
Note: You can configure multiple policies on each peer(3), but at least one of these policies must contain exactly the same encryption, authentication, and other parameters as one of the policies on the remote peer.

Step 2
Command: gateway(config-isakmp)# authentication {rsa-sig|rsa-encr|pre-share}
Purpose: Specifies the authentication method to be used in an IKE policy.

Step 3
Command: gateway(config-isakmp)# exit
Purpose: Returns to global configuration mode.

Step 4
Command: gateway(config)# crypto isakmp key keystring address peer_address|peer_hostname
Purpose: Configures the authentication key for each peer that shares a key.

1. You must create IKE policies at each peer. An IKE policy defines a combination of security parameters to be used during the IKE negotiation. IKE negotiations must be protected, so each IKE negotiation begins by each peer agreeing on a common (shared) IKE policy. This policy states which security parameters will be used to protect subsequent IKE negotiations. After the two peers agree upon a policy, the security parameters of the policy are identified by a security association established at each peer, and these security associations apply to all subsequent IKE traffic during the negotiation.
2. A protocol framework that defines payload formats, the mechanics of implementing a key exchange protocol, and the negotiation of a security association.
3. In the context of this document, a peer refers to a Catalyst 4224 or other device that participates in IPSec and IKE.
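The note in Step 1 requires that the two peers share at least one identical IKE policy, and Step 4 requires a key entry for each peer that shares a key. The following is an added example, not part of the Cisco document: it parses two constructed configurations and reports which policy pairs match and which peers have a key entry. Assumptions: the sample configurations, the function names, the `encr`, `hash` and `group` policy sub-commands (IOS commands not listed on this page), the default values for unset parameters, and that lifetime is not compared.

```python
import re

# Assumption (not from the page): IOS defaults for unset parameters; lifetime is not compared.
DEFAULTS = {"encryption": "des", "hash": "sha", "authentication": "rsa-sig", "group": "1"}

# Constructed sample configurations; addresses and key string are placeholders.
GATEWAY_A = """\
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key EXAMPLE-KEY address 192.0.2.2
"""
GATEWAY_B = """\
crypto isakmp policy 5
 encr 3des
 hash md5
 authentication pre-share
crypto isakmp policy 15
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key EXAMPLE-KEY address 192.0.2.1
"""

def parse_policies(config):
    """Return {priority: parameters} for every 'crypto isakmp policy' block."""
    policies, current = {}, None
    for raw in config.splitlines():
        header = re.match(r"crypto isakmp policy (\d+)\s*$", raw)
        if header:
            current = policies.setdefault(int(header.group(1)), dict(DEFAULTS))
        elif current is not None and raw.startswith(" "):
            key, _, value = raw.strip().partition(" ")
            key = "encryption" if key == "encr" else key  # running-config abbreviation
            if key in DEFAULTS and value:
                current[key] = value.strip()
        else:
            current = None  # a top-level command ends the policy block
    return policies

def shared_policies(local, remote):
    """(local_priority, remote_priority) pairs whose parameters are identical."""
    return [(lp, rp) for lp, lv in sorted(local.items())
            for rp, rv in sorted(remote.items()) if lv == rv]

def key_peers(config):
    """Peers that have a 'crypto isakmp key ... address ...' entry."""
    return set(re.findall(r"^crypto isakmp key \S+ address (\S+)", config, re.M))
```

An empty result from `shared_policies` means no policy on one gateway matches any policy on the other, which is the condition the Step 1 note rules out.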