Administrator Guide

Internet Protocol Security (IPSec)
Internet protocol security (IPSec) is an end-to-end security scheme for protecting IP communications by authenticating and encrypting all
packets in a communication session. Use IPSec between hosts, between gateways, or between hosts and gateways.
IPSec is compatible with Telnet and FTP protocols. It supports two operational modes: Transport and Tunnel.
Transport mode — (default) Use to encrypt only the payload of the packet. Routing information is unchanged.
Tunnel mode — Use to encrypt the entire packet including the routing information of the IP header. Typically used when creating
virtual private networks (VPNs).
NOTE: The Dell EMC Networking OS supports IPSec only for the FTP and telnet protocols (ports 20, 21, and 23). The
system rejects the configuration if you configure IPSec for any other protocol.
IPSec uses the following protocols:
Authentication Headers (AH) — Connectionless integrity and origin authentication for IP packets
Encapsulating Security Payload (ESP) — Confidentiality, authentication, and data integrity for IP packets
Security Associations (SA) — Necessary algorithmic parameters for AH and ESP functionality
IPSec supports the following authentication and encryption algorithms:
Authentication only:
MD5
SHA1
Encryption only:
3DES
CBC
DES
ESP Authentication and Encryption:
MD5 & 3DES
MD5 & CBC
MD5 & DES
SHA1 & 3DES
SHA1 & CBC
SHA1 & DES
NOTE: DES (56-bit key) and MD5 are considered cryptographically weak. Select them only when the peer supports nothing
stronger, and prefer an ESP transform that provides both authentication and encryption over an encryption-only transform.
Topics:
Configuring IPSec
Configuring IPSec
The following sample configuration shows how to configure FTP and telnet for IPSec.
1. Define the transform set.
CONFIGURATION mode
crypto ipsec transform-set myXform-set esp-authentication md5 esp-encryption des
2. Define the crypto policy.
CONFIGURATION mode
crypto ipsec policy myCryptoPolicy 10 ipsec-manual
transform-set myXform-set
session-key inbound esp 256 auth <key> encrypt <key>
session-key outbound esp 257 auth <key> encrypt <key>
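With ipsec-manual policies there is no key exchange: the two peers must be configured with mirrored security associations (what one side sends on its outbound SPI the other side must receive on its inbound SPI, with identical keys), the keys must be the exact length the algorithm requires, and SPI values 0 through 255 are reserved and must not be used. The following helper, added here as an example and not part of the Dell EMC guide, generates fresh random session keys for a chosen transform and emits the mirrored CLI lines for both peers in the form shown above. It assumes the device accepts keys as hex strings of the algorithm's native key length (16 bytes for MD5, 20 for SHA1, 8 for DES, 24 for 3DES) and omits the "cbc" keyword, whose key length the page does not state; the policy, transform-set and SPI values are the hypothetical ones used on this page.

```python
import secrets

# Key lengths in bytes for the algorithms the transform-set command accepts.
# Assumption: the device takes raw keys as hex strings of exactly this length.
# The "cbc" encryption keyword is deliberately omitted (key length not documented).
AUTH_KEY_BYTES = {"md5": 16, "sha1": 20}   # HMAC-MD5 (RFC 2403) / HMAC-SHA-1 (RFC 2404)
ENC_KEY_BYTES = {"des": 8, "3des": 24}     # DES-CBC / three-key 3DES-CBC

# SPI values 0-255 are reserved (RFC 4303); manual SAs should use 256 or higher.
SPI_MIN = 256
SPI_MAX = 0xFFFFFFFF


def check_spi(spi):
    """Reject reserved or out-of-range SPIs before they reach the CLI."""
    if not SPI_MIN <= spi <= SPI_MAX:
        raise ValueError(f"SPI {spi} outside allowed range {SPI_MIN}-{SPI_MAX}")
    return spi


def new_sa(spi, auth, enc):
    """One manual ESP security association: an SPI plus fresh random keys."""
    return {
        "spi": check_spi(spi),
        "auth": secrets.token_hex(AUTH_KEY_BYTES[auth]),
        "encrypt": secrets.token_hex(ENC_KEY_BYTES[enc]),
    }


def render_policy(policy, seq, xform, auth, enc, inbound, outbound):
    """Emit the CLI lines in the form used by the sample configuration."""
    return [
        f"crypto ipsec transform-set {xform} esp-authentication {auth} esp-encryption {enc}",
        f"crypto ipsec policy {policy} {seq} ipsec-manual",
        f" transform-set {xform}",
        f" session-key inbound esp {inbound['spi']} auth {inbound['auth']} encrypt {inbound['encrypt']}",
        f" session-key outbound esp {outbound['spi']} auth {outbound['auth']} encrypt {outbound['encrypt']}",
    ]


def mirrored_configs(auth, enc, spi_a_to_b=256, spi_b_to_a=257,
                     policy="myCryptoPolicy", seq=10, xform="myXform-set"):
    """Return (config for peer A, config for peer B) sharing one pair of SAs.

    Peer A's outbound SA is peer B's inbound SA and vice versa, so the two
    devices agree on SPI, authentication key and encryption key per direction.
    """
    if spi_a_to_b == spi_b_to_a:
        # Kept distinct, as on the page (256/257), so each SA is unambiguous.
        raise ValueError("use a distinct SPI for each direction")
    a_to_b = new_sa(spi_a_to_b, auth, enc)
    b_to_a = new_sa(spi_b_to_a, auth, enc)
    side_a = render_policy(policy, seq, xform, auth, enc, inbound=b_to_a, outbound=a_to_b)
    side_b = render_policy(policy, seq, xform, auth, enc, inbound=a_to_b, outbound=b_to_a)
    return side_a, side_b


if __name__ == "__main__":
    for label, lines in zip(("Peer A", "Peer B"), mirrored_configs("md5", "des")):
        print(f"! {label}")
        print("\n".join(lines))
```

Paste each block into CONFIGURATION mode on the respective peer; the keys are secrets, so generate them on a trusted host and do not reuse a pair across policies.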