Network Systems DesignLine | IPsec, a Tutorial--Part VI

IPsec, a Tutorial--Part VI

Here is Part VI of IPsec, A Tutorial, a Network Systems DesignLine multi-series. In this section we will explore basic tasks common to most of the fundamental IPsec VPN implementations, including the creation of an IPsec transform set and the successful configuration of an IPsec crypto map.
Here are Parts I, II, III, IV, and V.

IPsec Configuration Elements
There are several basic tasks that must typically be addressed when implementing IPsec. In this section we will explore basic tasks common to most of the fundamental IPsec VPN implementations, including the creation of an IPsec transform set and the successful configuration of an IPsec crypto map.

Creating an IPsec Transform
To implement an IPsec VPN, the administrator must first make a series of decisions that result in the creation of the IPsec transform. The IPsec transform defines the parameters used to transform a packet from its cleartext input form to its ciphertext output. Figure 21 illustrates the IPsec transform creation decision tree.


Figure 21. The IPsec Transform Creation Decision Tree

The following list and examples use Figure 21 to illustrate the creation of a transform set within IOS:

  1. An IPsec transform set defines the IPsec protocol to be used. This could be ESP, AH, or a combination of the two. In Example 1, James selects ESP and AH as his IPsec protocols.

     Example 1. IPsec Protocol Definition and Availability

  2. Also specified as part of the IPsec transform set is the mode of the IPsec protocol. This could be either tunnel or transport mode. As discussed previously, different modes alter the packet in different ways--specifically, as it pertains to header location and the scope of the ESP or AH protection boundary. Example 2 illustrates the configuration of the mode that IPsec is to operate in.

     Example 2. IPsec Protocol Mode Definition
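
The two steps above, written out as IOS configuration. This is an added example, not the listing from the original article (the bodies of Example 1 and Example 2 are not reproduced on this page); the transform-set names and the choice of AES-256 with SHA-1 HMAC are assumptions made for illustration.

```cisco
! Added example. TS-ESP-AH-TUNNEL and TS-ESP-AH-TRANSPORT are hypothetical names.
!
! Step 1: protocol selection (ESP and AH together).
! A transform set takes at most one AH transform, one ESP encryption
! transform and one ESP authentication transform.
!   ah-sha-hmac   -> AH integrity over the packet, including the IP header
!   esp-aes 256   -> ESP confidentiality (assumed cipher choice)
!   esp-sha-hmac  -> ESP integrity over the ESP payload
! AH covers the outer IP header, so this combination will not survive
! address translation between the two peers.
crypto ipsec transform-set TS-ESP-AH-TUNNEL ah-sha-hmac esp-aes 256 esp-sha-hmac
! Step 2: mode selection. Tunnel mode is the default; it is stated here
! so the intent is visible in the running configuration.
 mode tunnel
!
! Same protocols, transport mode. IOS applies transport mode only when the
! protected traffic has the IPsec peers themselves as source and destination;
! for any other traffic it falls back to tunnel mode.
crypto ipsec transform-set TS-ESP-AH-TRANSPORT ah-sha-hmac esp-aes 256 esp-sha-hmac
 mode transport
!
! Check from privileged EXEC that both sets exist with the intended
! protocols and mode before referencing them from a crypto map:
!   show crypto ipsec transform-set
```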

