Cisco AIM-VPN - DES/3DES VPN Data Encryption AIM Module User Manual, Page 2

All contents are Copyright © 1992–2006 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 2 of 7
Q. What is IPsec for IP Version 6 (IPv6)?
A. IPsec is a framework of open standards, developed by the Internet Engineering Task Force (IETF), that provide security for
transmission of sensitive information over unprotected networks such as the Internet. IPsec acts at the network layer, protecting and
authenticating IP packets between participating IPsec devices (peers), such as Cisco® routers. IPsec provides the following optional
network security services; in general, local security policy will dictate the use of one or more of these services:
  • Data confidentiality—The IPsec sender can encrypt packets before sending them across a network.
  • Data integrity—The IPsec receiver can authenticate packets sent by the IPsec sender to help ensure that the data has not been
    altered during transmission.
  • Data origin authentication—The IPsec receiver can authenticate the source of the IPsec packets sent. This service depends on
    the data integrity service.
  • Anti-replay—The IPsec receiver can detect and reject replayed packets.
With IPsec, data can be sent across a public network without observation, modification, or spoofing. IPsec functions are similar in
both IPv6 and IPv4; however, only IPv6 supports site-to-site tunnel mode.
In IPv6, IPsec is implemented using the authentication header (AH) and the Encapsulated Security Protocol (ESP) extension header.
The authentication header provides integrity and authentication of the source. It also provides optional protection against replayed
packets. The authentication header protects the integrity of most of the IP header fields and authenticates the source through a
signature-based algorithm. The ESP header provides confidentiality, authentication of the source, connectionless integrity of the
inner packet, anti-replay, and limited traffic flow confidentiality.
The Internet Key Exchange (IKE) protocol is a key management protocol standard that is used in conjunction with IPsec. IPsec can be
configured without IKE, but IKE enhances IPsec by providing additional features, flexibility, and ease of configuration for the IPsec
standard.
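An added sketch (not from the Cisco document) of why the authentication header covers only "most" IPv6 header fields: fields that routers rewrite in transit are zeroed before the integrity check value (ICV) is computed, so only changes to the remaining fields or the payload are detected. It assumes HMAC-SHA1-96 as the integrity algorithm, which the page does not name, and a packet with no other extension headers; the key, addresses, SPI and helper names are constructed for illustration.

```python
import hashlib, hmac, ipaddress, struct

AH, ICV_LEN = 51, 12   # IPv6 Next Header value for AH; HMAC-SHA1-96 keeps 96 bits

def ipv6_header(src, dst, payload_len, hop_limit, tclass=0, flow=0):
    """Pack the 40-byte IPv6 base header with AH as the next header."""
    word0 = (6 << 28) | (tclass << 20) | flow
    return (struct.pack("!IHBB", word0, payload_len, AH, hop_limit)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed)

def zero_mutable(ip_hdr):
    """Zero what routers may rewrite in transit: traffic class, flow label, hop limit."""
    return struct.pack("!I", 6 << 28) + ip_hdr[4:7] + b"\x00" + ip_hdr[8:]

def compute_icv(key, ip_hdr, ah_fixed, payload):
    """MAC over the packet with mutable IP fields and the ICV field itself zeroed."""
    data = zero_mutable(ip_hdr) + ah_fixed + b"\x00" * ICV_LEN + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]

def build_packet(key, src, dst, spi, seq, payload, hop_limit=64):
    ip_hdr = ipv6_header(src, dst, 12 + ICV_LEN + len(payload), hop_limit)
    ah_words = (12 + ICV_LEN) // 4 - 2          # AH length field: 32-bit words minus 2
    # Next header 59 ("no next header"): the payload is opaque bytes in this sketch.
    ah_fixed = struct.pack("!BBHII", 59, ah_words, 0, spi, seq)
    return ip_hdr + ah_fixed + compute_icv(key, ip_hdr, ah_fixed, payload) + payload

def verify_packet(key, packet):
    """Receiver side: recompute the ICV and compare in constant time."""
    ip_hdr, ah_fixed = packet[:40], packet[40:52]
    icv, payload = packet[52:52 + ICV_LEN], packet[52 + ICV_LEN:]
    return hmac.compare_digest(compute_icv(key, ip_hdr, ah_fixed, payload), icv)

def set_byte(packet, offset, value):
    """Return a copy of the packet with one byte changed, as an on-path device might."""
    return packet[:offset] + bytes([value]) + packet[offset + 1:]

KEY = b"constructed-demo-key"                   # constructed, not a real SA key
PKT = build_packet(KEY, "2001:db8::1", "2001:db8::2", spi=0x1000, seq=1, payload=b"hello")

if __name__ == "__main__":
    print("as sent:           ", verify_packet(KEY, PKT))
    print("hop limit 64 -> 63:", verify_packet(KEY, set_byte(PKT, 7, 63)))
    print("source rewritten:  ", verify_packet(KEY, set_byte(PKT, 23, 0x99)))
    print("payload altered:   ", verify_packet(KEY, set_byte(PKT, len(PKT) - 1, 0x00)))
```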
Q. What is Cisco IOS Secure Multicast?
A. Cisco IOS Secure Multicast is a set of hardware and software features necessary to secure IP Multicast group traffic originating on
or flowing through a Cisco IOS Software device. It combines the keying protocol Group Domain of Interpretation (GDOI) with
hardware-based IPsec encryption to provide users with an efficient method for securing IP Multicast group traffic. With Cisco IOS
Secure Multicast, a router can apply encryption to IP Multicast traffic without having to configure tunnels.
Cisco IOS Secure Multicast provides the following benefits:
  • Multicast traffic protection—Protects multicast traffic without any form of additional encapsulation
  • Scalability—Allows one-to-many and many-to-many relationships
  • Manageability—Allows easy configuration and enhanced manageability
  • Native IPsec encapsulation—Provides native IPsec encapsulation for IP Multicast traffic
  • Key and policies distribution—Offers a centralized key and policies distribution mechanism through the GDOI key server
  • Simplified troubleshooting—Simplifies troubleshooting by reducing overall complexity
  • Extensible standards-based framework—Uses an extensible, standards-based framework