IPSec Terminology; Crypto Access Control List (ACL); Transform Set; ISAKMP Policy - Cisco ASR 5000 Series 3G Home NodeB Administration Manual

IP Security

IPSec Terminology

There are four items related to IPSec support on the system that must be understood prior to beginning configuration. They are:
• Crypto Access Control List (ACL)
• Transform Set
• ISAKMP Policy
• Crypto Map

Crypto Access Control List (ACL)

As described in the IP Access Control Lists chapter of this guide, ACLs on the system define rules, usually permissions, for handling subscriber data packets that meet certain criteria. Crypto ACLs, however, define the criteria that must be met in order for a subscriber data packet to be routed over an IPSec tunnel.

Unlike other ACLs that are applied to interfaces, contexts, or one or more subscribers, crypto ACLs are matched with crypto maps. In addition, crypto ACLs contain only a single rule, while other ACL types can consist of multiple rules.

Prior to routing, the system examines the properties of each subscriber data packet. If the packet properties match the criteria specified in the crypto ACL, the system will initiate the IPSec policy dictated by the crypto map.

Transform Set

Transform Sets are used to define IPSec security associations (SAs). IPSec SAs specify the IPSec protocols to use to protect packets.

Transform sets are used during Phase 2 of IPSec establishment. In this phase, the system and a peer security gateway negotiate one or more transform sets (IPSec SAs) containing the rules for protecting packets. This negotiation ensures that both peers can properly protect and process the packets.

ISAKMP Policy

Internet Security Association and Key Management Protocol (ISAKMP) policies are used to define Internet Key Exchange (IKE) SAs. The IKE SAs dictate the shared security parameters (i.e. which encryption parameters to use, how to authenticate the remote peer, etc.) between the system and a peer security gateway.

During Phase 1 of IPSec establishment, the system and a peer security gateway negotiate IKE SAs. These SAs are used to protect subsequent communications between the peers, including the IPSec SA negotiation process.

Crypto Map

Crypto Maps define the tunnel policies that determine how IPSec is implemented for subscriber data packets.

There are three types of crypto maps supported by the system. They are:
• Manual crypto maps
OL-25069-03
Cisco ASR 5000 Series 3G Home NodeB Gateway Administration Guide
IPSec Terminology
135
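The following is an added illustration, not configuration or code from this guide or from StarOS: it models the selection path described under Crypto Access Control List, Transform Set and Crypto Map, where a crypto ACL's single rule is matched with a crypto map and the map's transform sets are agreed with the peer in Phase 2. The packet fields, map and peer names, and transform-set labels are assumed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed model (not StarOS configuration) of the guide's selection path: a crypto
# ACL's single rule is matched with a crypto map, whose transform sets are negotiated.

@dataclass(frozen=True)
class CryptoAcl:
    """A crypto ACL holds exactly one rule; matching traffic goes over IPSec."""
    src: str            # source prefix, e.g. "10.1.0.0/16"
    dst: str            # destination prefix
    proto: str = "ip"   # "ip" matches any protocol

    def matches(self, pkt: dict) -> bool:
        return (ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and self.proto in ("ip", pkt["proto"]))

@dataclass(frozen=True)
class CryptoMap:
    """Tunnel policy: the ACL that selects traffic, the peer, the transform sets."""
    name: str
    acl: CryptoAcl
    peer: str
    transform_sets: tuple   # local order of preference (labels are assumed)

def negotiate_phase2(local: tuple, remote: tuple) -> Optional[str]:
    """Phase 2: the first locally preferred transform set the peer also offers."""
    for ts in local:
        if ts in remote:
            return ts
    return None   # no common IPSec SA, so no tunnel

def classify(pkt: dict, crypto_maps: list, peer_offers: dict) -> tuple:
    """Examine a packet before routing. Returns ("ipsec", map, transform set) when a
    crypto ACL matches and an SA is agreed, ("drop", map, None) when it matches but
    no transform set is common, and ("clear", None, None) when no crypto ACL matches."""
    for cmap in crypto_maps:
        if cmap.acl.matches(pkt):
            ts = negotiate_phase2(cmap.transform_sets, peer_offers.get(cmap.peer, ()))
            return ("ipsec", cmap.name, ts) if ts else ("drop", cmap.name, None)
    return ("clear", None, None)   # sent unprotected: verify this is intended

# Constructed sample policy, peer offer and packets.
MAPS = [CryptoMap("hnb_to_core", CryptoAcl("10.1.0.0/16", "192.0.2.0/24"),
                  "198.51.100.1", ("esp-aes128-sha1", "esp-3des-sha1"))]
PEER_OFFERS = {"198.51.100.1": ("esp-3des-sha1",)}
PKT_TUNNEL = {"src": "10.1.4.9", "dst": "192.0.2.7", "proto": "udp"}
PKT_CLEAR = {"src": "10.2.4.9", "dst": "192.0.2.7", "proto": "udp"}
```

Because a crypto ACL carries only one rule, any subscriber traffic that rule does not cover is forwarded without protection, so the "clear" outcome is the case to review when auditing a tunnel policy.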
