Versions Compared

Old Version 2

changes.mady.by.user Ribbon Communications

Saved on

compared with

New Version 3

changes.mady.by.user Ribbon Communications

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Caption
0Table
1IPSec Security Features

 

IPsec Security Features

Description

IKEv1 or IKEv2 for authentication, keying and security association negotiation

  • Act as IKE initiator or responder (Main Mode only for IKEv1)
  • Authentication by pre-shared secrets
  • IPv4 address, IPv6 address and FQDN identity types
Info

For configuration details, see:

IKE algorithms supported

  • AES-CBC with 128 bit keys
  • 3DES-CBC
  • HMAC-SHA1-96
  • HMAC-SHA-256
  • HMAC-MD5
  • Diffie-Hellman groups 1, 2, 5 and 14
Info

For configuration details, see:

ESP encapsulation

  • Tunnel mode

ESP algorithms supported

  • AES-CBC with 128 bit keys
  • 3DES-CBC encryption
  • Null encryption
  • HMAC-SHA1
  • HMAC-MD5
Info

For configuration details, see:

 

The Sonus IP Security (IPSec) feature provides cryptographic protection by the application of IPSec on a packet-by-packet basis controlled by rules in a Security Policy Database (SPD). These rules are applied to each incoming and outgoing packet, and as a function of source IP address, destination IP address, protocol, source port and destination port produce a directive to discard the packet, bypass the packet (allow it to pass as plaintext), or protect the packet with IPSec according to parameters specified in IPSec Protection Profile. IPSec is implemented using Encapsulating Security Payload (ESP) encapsulation.

...

For IPSec Peer configuration details, see Ipsec - Peer (EMA) or IPSec IPSEC Peer - CLI.

Note
The SBC supports Perfect Forward Secrecy (PFS) using the same DH group negotiated for IKE SA establishment.

...