Concept Guide
Internet Protocol Security (IPSec)
Internet protocol security (IPSec) is an end-to-end security scheme for protecting IP communications by authenticating and encrypting all
packets in a communication session. Use IPSec between hosts, between gateways, or between hosts and gateways.
IPSec is compatible with Telnet and FTP protocols. It supports two operational modes: Transport and Tunnel.
• Transport mode — (default) Use to encrypt only the payload of the packet. Routing information is unchanged.
• Tunnel mode — Use to encrypt the entire packet including the routing information of the IP header. Typically used when creating virtual
private networks (VPNs).
NOTE: The Dell EMC Networking OS supports IPSec only for FTP and telnet protocols (ports 20, 21, and 23). The system rejects
if you congure IPSec for other protocols.
IPSec uses the following protocols:
• Authentication Headers (AH) — Disconnected integrity and origin authentication for IP packets
• Encapsulating Security Payload (ESP) — Condentiality, authentication, and data integrity for IP packets
• Security Associations (SA) — Necessary algorithmic parameters for AH and ESP functionality
IPSec supports the following authentication and encryption algorithms:
• Authentication only:
– MD5
– SHA1
• Encryption only:
– 3DES
– CBC
– DES
• ESP Authentication and Encryption:
– MD5 & 3DES
– MD5 & CBC
– MD5 & DES
– SHA1 & 3DES
– SHA1 & CBC
– SHA1 & DES
Conguring IPSec
The following sample conguration shows how to congure FTP and telnet for IPSec.
1 Dene the transform set.
CONFIGURATION mode
crypto ipsec transform-set myXform-seta esp-authentication md5 esp-encryption des
2 Dene the crypto policy.
CONFIGURATION mode
crypto ipsec policy myCryptoPolicy 10 ipsec-manual
22
Internet Protocol Security (IPSec) 461