User manual
Appendix A – Terminology 
IPSec with Dynamic DNS  Dynamic DNS can be run on the IPSec endpoints, thereby creating an
IPSec tunnel using dynamic IP addresses.
IKE  IKE is a profile of ISAKMP that is for use by IPsec. It is often called 
simply IKE. IKE creates a private, authenticated key management 
channel. Using that channel, two peers can communicate, arranging 
for session keys to be generated for AH, ESP or IPComp. The
channel is used for the peers to agree on the encryption, authentication 
and compression algorithms to be used. The traffic to which the 
policies are applied is also agreed upon. 
ISAKMP  ISAKMP is a framework for doing Security Association Key 
Management. It can, in theory, be used to produce session keys for 
many different systems, not just IPsec. 
Key lifetimes  The length of time before keys are renegotiated. 
LAN  Local Area Network. 
LED  Light-Emitting Diode. 
Local Private Key Certificate & Passphrase  The private part of the public/private key pair of the certificate resides
on the SG unit. The passphrase is a key that can be used to lock and
unlock the information in the private key certificate.
Local Public Key Certificate  The public part of the public/private key pair of the certificate resides on
the SG unit and is used to authenticate against the CA certificate.
MAC address  The hardware address of an Ethernet interface. It is a 48-bit number 
usually written as a series of 6 hexadecimal octets, e.g. 
00:d0:cf:00:5b:da. An SG unit has a MAC address for each Ethernet
interface. These are listed on a label on the underside of the device.
Main Mode  This Phase 1 keying mode automatically exchanges encryption and 
authentication keys and protects the identities of the parties attempting 
to establish the tunnel. 
Manual Keying  This type of keying requires the encryption and authentication keys to 
be specified. 
Manual Keys  Predetermined encryption and authentication keys used to establish the 
tunnel. 
Masquerade  The process in which a gateway on a local network modifies outgoing
packets by replacing the source address of the packets with its own IP 
address. All IP traffic originating from the local network appears to 
come from the gateway itself and not the machines on the local 
network. 
MD5  Message Digest Algorithm Five is a 128-bit hash. It is one of two
message digest algorithms available in IPSec. 
NAT  Network Address Translation. The translation of an IP address used on 
one network to an IP address on another network. Masquerading is 
one particular form of NAT. 
Net mask  The way that computers know which part of a TCP/IP address refers to 
the network, and which part refers to the host range. 










