Here is an example of how tunnel mode IPsec operates

Here is an example of how tunnel mode IPsec operates. Host A on a network generates an IP packet with the destination address of host B on another network. This packet is routed from the originating host to a firewall or secure router at the boundary of A's network. The firewall filters all outgoing packets to determine the need for IPsec processing. ESP in tunnel mode encrypts and optionally authenticates the entire inner IP packet, including the inner IP header. AH in tunnel mode authenticates the entire inner IP packet and selected portions of the outer IP header. WebLink: ipsec-overview-solutions.html
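The difference in coverage between ESP and AH in tunnel mode, as an added example that is not part of the lecture notes. It is a toy model, not a real IPsec implementation: the 10-byte header, the HMAC-derived keystream standing in for a cipher, the truncated ICVs and the gateway addresses are all constructed. What it shows is the point of the passage: after ESP encapsulation only the gateways' addresses are visible and the inner header is opaque, while AH leaves everything readable but binds the inner packet and the immutable outer fields to the ICV, so a TTL decrement in transit is tolerated but a rewritten outer source address is not.

```python
# Added illustration (not from the lecture notes): toy model of what
# tunnel-mode ESP and AH protect. Constructed stand-ins: a 10-byte
# header, an HMAC-derived keystream in place of a real cipher, and
# 12-byte truncated ICVs; addresses are documentation-range examples.
import hashlib
import hmac
import struct
from dataclasses import dataclass

ESP, AH = 50, 51

def ip4(addr):
    return bytes(int(o) for o in addr.split("."))

@dataclass
class IPPacket:
    src: str
    dst: str
    proto: int
    ttl: int
    payload: bytes

    def header_bytes(self, zero_mutable=False):
        # TTL is the only mutable field in this toy header; AH computes
        # its ICV with mutable outer-header fields zeroed.
        return struct.pack("!4s4sBB", ip4(self.src), ip4(self.dst), self.proto,
                           0 if zero_mutable else self.ttl)

    def to_bytes(self):
        return self.header_bytes() + self.payload

    @classmethod
    def from_bytes(cls, data):
        src, dst, proto, ttl = struct.unpack("!4s4sBB", data[:10])
        return cls(".".join(map(str, src)), ".".join(map(str, dst)), proto, ttl, data[10:])

def keystream(key, spi, seq, n):
    # Deterministic keystream from (key, SPI, sequence number, block counter).
    blocks = (hmac.new(key, struct.pack("!IIQ", spi, seq, i), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def esp_tunnel_encap(inner, gw_src, gw_dst, spi, seq, enc_key, auth_key):
    # ESP tunnel mode: the entire inner packet, inner header included, is
    # encrypted; the ICV covers ESP header + ciphertext, not the outer header.
    pt = inner.to_bytes()
    esp_hdr = struct.pack("!II", spi, seq)
    ct = xor(pt, keystream(enc_key, spi, seq, len(pt)))
    icv = hmac.new(auth_key, esp_hdr + ct, hashlib.sha256).digest()[:12]
    return IPPacket(gw_src, gw_dst, ESP, 64, esp_hdr + ct + icv)

def esp_tunnel_decap(pkt, enc_key, auth_key):
    esp_hdr, ct, icv = pkt.payload[:8], pkt.payload[8:-12], pkt.payload[-12:]
    expected = hmac.new(auth_key, esp_hdr + ct, hashlib.sha256).digest()[:12]
    if not hmac.compare_digest(expected, icv):
        raise ValueError("ESP ICV mismatch")
    spi, seq = struct.unpack("!II", esp_hdr)
    return IPPacket.from_bytes(xor(ct, keystream(enc_key, spi, seq, len(ct))))

def ah_tunnel_encap(inner, gw_src, gw_dst, spi, seq, auth_key):
    # AH tunnel mode: nothing is encrypted; the ICV covers the immutable
    # outer-header fields, the AH header and the whole inner packet.
    outer = IPPacket(gw_src, gw_dst, AH, 64, b"")
    ah_hdr = struct.pack("!II", spi, seq)
    covered = outer.header_bytes(True) + ah_hdr + inner.to_bytes()
    icv = hmac.new(auth_key, covered, hashlib.sha256).digest()[:12]
    outer.payload = ah_hdr + icv + inner.to_bytes()
    return outer

def ah_tunnel_verify(pkt, auth_key):
    ah_hdr, icv, inner = pkt.payload[:8], pkt.payload[8:20], pkt.payload[20:]
    covered = pkt.header_bytes(True) + ah_hdr + inner
    if not hmac.compare_digest(hmac.new(auth_key, covered, hashlib.sha256).digest()[:12], icv):
        raise ValueError("AH ICV mismatch")
    return IPPacket.from_bytes(inner)

def demo():
    # Host A (10.1.1.5) to host B (10.2.3.4) via gateways GW_A and GW_B.
    inner = IPPacket("10.1.1.5", "10.2.3.4", 6, 64, b"GET / HTTP/1.1\r\n")
    enc_key, auth_key = b"k" * 32, b"a" * 32
    r = {}
    esp = esp_tunnel_encap(inner, "198.51.100.1", "203.0.113.1", 0x1001, 1, enc_key, auth_key)
    r["esp_outer_shows_gateways"] = (esp.src, esp.dst, esp.proto) == ("198.51.100.1", "203.0.113.1", ESP)
    r["esp_inner_hidden"] = ip4(inner.src) not in esp.payload and inner.payload not in esp.payload
    r["esp_roundtrip"] = esp_tunnel_decap(esp, enc_key, auth_key) == inner
    ah = ah_tunnel_encap(inner, "198.51.100.1", "203.0.113.1", 0x2002, 1, auth_key)
    ah.ttl -= 1                      # a router decrementing TTL does not break AH
    r["ah_survives_ttl_change"] = ah_tunnel_verify(ah, auth_key) == inner
    ah.src = "192.0.2.99"            # rewriting the outer source address does
    try:
        ah_tunnel_verify(ah, auth_key)
        r["ah_detects_outer_src_change"] = False
    except ValueError:
        r["ah_detects_outer_src_change"] = True
    return r
```

Running demo() returns a dictionary in which every entry is True. The ESP ICV here deliberately excludes the outer header, which is why ESP alone gives no integrity protection for the outer addresses and why a real ESP deployment needs a proper AEAD or encrypt-then-MAC construction rather than the toy keystream used above.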
4.6.4.2 Lecture-2

IP Security Architecture: Fundamental to the operation of IPsec is the concept of a security policy applied to each IP packet that transits from a source to a destination. IPsec policy is determined primarily by the interaction of two databases, the security association database (SAD) and the security policy database (SPD).

Security Associations: A key concept that appears in both the authentication and confidentiality mechanisms for IP is the security association (SA). An association is a one-way logical connection between a sender and a receiver that affords security services to the traffic carried on it. If a peer relationship is needed for two-way secure exchange, then two security associations are required. Security services are afforded to an SA for the use of AH or ESP, but not both. A security association is uniquely identified by three parameters:

• Security Parameters Index (SPI): A bit string assigned to this SA and having local significance only.
• IP Destination Address: This is the address of the destination endpoint of the SA, which may be an end-user system or a network system such as a firewall or router.
• Security Protocol Identifier: This field from the outer IP header indicates whether the association is an AH or ESP security association.

Security Association Database: In each IPsec implementation, there is a nominal Security Association Database that defines the parameters associated with each SA:

• Security Parameter Index
• Sequence Number Counter
• Sequence Counter Overflow
• Anti-Replay Window
• AH Information
• ESP Information
• Lifetime of this Security Association
• IPsec Protocol Mode
• Path MTU

The key management mechanism that is used to distribute keys is coupled to the authentication and privacy mechanisms only by way of the Security Parameters Index (SPI).

4.6.4.3 Lecture-3

Security Policy Database: The means by which IP traffic is related to specific SAs (or no SA in the case of traffic allowed to bypass IPsec) is the nominal Security Policy Database (SPD). An SPD contains entries, each of which defines a subset of IP traffic and points to an SA for that traffic. Each SPD entry is defined by a set of IP and upper-layer protocol field values, called selectors.
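How the SAD and SPD fit together, as an added example that is not part of the lecture notes. It models both databases from the two sections above in one place: the SA is keyed by the three identifying parameters (SPI, destination address, protocol), carries the sequence number counter, the overflow check and a sliding anti-replay window from the SAD parameter list, and the SPD is an ordered list of selector entries whose action is PROTECT (pointing at an SA), BYPASS or DISCARD. The selector fields, window size, addresses and SPI values are constructed; real RFC 4301 entries carry more (lifetimes, path MTU, AH/ESP algorithm data).

```python
# Added illustration (not from the lecture notes): a toy model of the SPD and
# SAD. Constructed: selectors are (src net, dst net, protocol, dst port); each
# SA holds a sequence counter and a 64-packet anti-replay window. Real entries
# (RFC 4301) carry more, e.g. lifetimes, path MTU and AH/ESP algorithm data.
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

ESP, AH = 50, 51
SEQ_MAX = 2**32 - 1

@dataclass
class SecurityAssociation:
    spi: int
    dst: str               # destination endpoint of this one-way SA
    protocol: int          # AH or ESP, never both on one SA
    mode: str              # "tunnel" or "transport"
    window: int = 64
    seq_counter: int = 0   # outbound: last sequence number sent
    replay_high: int = 0   # inbound: highest sequence number accepted so far
    replay_bitmap: int = 0 # bit i set => replay_high - i already seen

    def key(self):
        # The three parameters that uniquely identify an SA.
        return (self.spi, self.dst, self.protocol)

    def next_seq(self):
        if self.seq_counter >= SEQ_MAX:
            raise OverflowError("sequence counter overflow: a new SA is required")
        self.seq_counter += 1
        return self.seq_counter

    def accept_inbound(self, seq):
        """Sliding-window anti-replay check; True if seq is new and inside the window."""
        if seq == 0:
            return False
        if seq > self.replay_high:              # advance the window
            shift = seq - self.replay_high
            self.replay_bitmap = ((self.replay_bitmap << shift) | 1) & ((1 << self.window) - 1)
            self.replay_high = seq
            return True
        back = self.replay_high - seq
        if back >= self.window or (self.replay_bitmap >> back) & 1:
            return False                        # too old, or already seen
        self.replay_bitmap |= 1 << back
        return True

@dataclass
class SPDEntry:
    src_net: str
    dst_net: str
    proto: Optional[int]          # None = any
    dst_port: Optional[int]       # None = any
    action: str                   # "PROTECT", "BYPASS" or "DISCARD"
    sa_key: Optional[Tuple[int, str, int]] = None

    def matches(self, src, dst, proto, dport):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst_net)
                and self.proto in (None, proto) and self.dst_port in (None, dport))

DEFAULT_DISCARD = SPDEntry("0.0.0.0/0", "0.0.0.0/0", None, None, "DISCARD")

def spd_lookup(spd, src, dst, proto, dport):
    """Ordered SPD: the first entry whose selectors match wins; default is discard."""
    return next((e for e in spd if e.matches(src, dst, proto, dport)), DEFAULT_DISCARD)

def outbound(spd, sad, src, dst, proto, dport):
    """Return (action, spi, seq) for an outgoing packet."""
    entry = spd_lookup(spd, src, dst, proto, dport)
    if entry.action != "PROTECT":
        return (entry.action, None, None)
    sa = sad.get(entry.sa_key)
    if sa is None:
        return ("NO_SA", None, None)   # policy says protect but no SA exists yet
    return ("PROTECT", sa.spi, sa.next_seq())

def inbound(sad, spi, dst, protocol, seq):
    sa = sad.get((spi, dst, protocol))
    if sa is None:
        return "NO_SA"
    return "ACCEPT" if sa.accept_inbound(seq) else "REPLAY_OR_STALE"

def demo():
    sa_out = SecurityAssociation(0x1001, "203.0.113.1", ESP, "tunnel")
    sa_in = SecurityAssociation(0x2002, "198.51.100.1", ESP, "tunnel")
    sad = {sa.key(): sa for sa in (sa_out, sa_in)}
    spd = [
        SPDEntry("10.1.0.0/16", "0.0.0.0/0", 17, 53, "BYPASS"),               # DNS bypasses IPsec
        SPDEntry("10.1.0.0/16", "10.2.0.0/16", None, None, "PROTECT", sa_out.key()),
    ]
    r = {}
    r["web_to_b"] = outbound(spd, sad, "10.1.1.5", "10.2.3.4", 6, 443)
    r["web_to_b_again"] = outbound(spd, sad, "10.1.1.5", "10.2.3.4", 6, 443)
    r["dns_out"] = outbound(spd, sad, "10.1.1.5", "192.0.2.53", 17, 53)
    r["unknown_dst"] = outbound(spd, sad, "10.1.1.5", "198.51.100.7", 6, 80)
    r["inbound"] = [inbound(sad, 0x2002, "198.51.100.1", ESP, s) for s in (1, 3, 2, 2, 100, 1)]
    r["wrong_protocol"] = inbound(sad, 0x2002, "198.51.100.1", AH, 4)
    try:
        sa_out.seq_counter = SEQ_MAX
        sa_out.next_seq()
        r["overflow_detected"] = False
    except OverflowError:
        r["overflow_detected"] = True
    return r
```

Two details worth noticing when reading demo(): the inbound SPI 0x2002 is looked up together with the destination address and the protocol, so the same SPI presented with AH instead of ESP finds no SA; and the replay window accepts sequence numbers 1, 3, 2 in that order (out of order but unseen), rejects the second 2, then after 100 arrives rejects 1 because it has fallen outside the 64-packet window.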
