Avaya Configuring IP Security Services Uživatelský manuál stáhnout pdf (Strana 25)

Overview of IPsec

304111-B Rev 00

1-7

Security Gateways

A security gateway establishes SAs between router interfaces configured with

IPsec software. A Bay Networks router becomes a security gateway when you

enable IPsec on a WAN interface. In this way, a Bay Networks router operating as

a security gateway provides IPsec services to its internal hosts and subnetworks.

Hosts or networks on the external side of a security gateway (typically, the overall

Internet) are considered “untrusted.” Hosts or subnetworks on the internal side of

a security gateway (nodes on your local intranet) are considered “trusted” because

they are controlled and securely managed by the same network administration

(Figure 1-3

Figure 1-3. IPsec Security Gateways and Security Policies

When you add IPsec services to a router to create a security gateway, its internal

hosts and subnetworks can communicate with external hosts that directly operate

IPsec services, or with a remote security gateway that provides IPsec services for

its set of hosts and subnetworks.

IP0078A

Untrusted

network

Local

host

Trusted

network

Outbound policy

Inbound policy (clear text only)

IPsec interface

Remote

host

Outbound policy

Inbound policy (clear text only)

Security

gateway

Security

gateway

Trusted

network

1 2 ... 20 21 22 23 24 25 26 27 28 29 30 ... 99 100

Žádné komentáře

Avaya Configuring IP Security Services Uživatelský manuál Strana 25