Security Association (SA)
The concept of Security Associations (SAs) is fundamental to
understanding and configuring IPSec. An SA is a
relationship between two or more potential VPN endpoints, which describes how
those endpoints will use security services (technologies and protocols) to
communicate securely. In establishing each secure communication connection,
IPSec can provide encryption, integrity, and/or authenticity
services. Once the services are selected, the two IPSec peers must determine
exactly which algorithm to use for each service, such as DES or 3DES for
encryption and MD5 or SHA for data integrity.
Once the services are selected and the algorithms chosen to
implement those services, the two peers must exchange or implement session keys
required by the algorithms. Is this beginning to sound complicated? How can you
keep track of all these choices and decisions? The security association is the
mechanism IPSec uses to manage these decisions and choices for each IPSec
communication session. A basic component of configuring IPSec services on a
client, router, firewall, or VPN concentrator is defining SA parameters.
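The following is an added example, not code from the original text or from any IPSec implementation. It models, in simplified form, the three decisions the passage says an SA records: which services the peers selected, which algorithm implements each service, and the session key each algorithm needs. The `negotiate`, `establish_pair`, `protect` and `verify` functions, the `SecurityAssociation` class and the sample key material are all hypothetical; only the integrity service is carried through (as an HMAC truncated to 96 bits, the form AH/ESP use for HMAC-MD5-96 and HMAC-SHA-1-96), while DES/3DES encryption is named but not implemented. Session keys are handed in directly rather than derived by IKE.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Hypothetical, simplified model of a Security Association (added example,
# not IPSec/IKE code). Real SAs carry many more parameters (SPI, mode,
# lifetime, sequence counters, ...); this keeps only the choices the text
# describes: service -> algorithm, plus the session key per service.

# Integrity algorithms named in the text. AH/ESP use them as HMAC variants
# whose output is truncated to 96 bits (HMAC-MD5-96 / HMAC-SHA-1-96).
INTEGRITY_ALGS = {"md5": hashlib.md5, "sha": hashlib.sha1}
ENCRYPTION_ALGS = {"des", "3des"}  # named in the text; not implemented here
ICV_LEN = 12  # 96-bit Integrity Check Value


@dataclass
class SecurityAssociation:
    """What one peer records for a single protected session."""
    peer: str            # the remote endpoint this SA applies to
    spi: int             # index used to look the SA up on receipt (constructed)
    services: dict       # service name -> algorithm name, e.g. {"integrity": "sha"}
    keys: dict = field(default_factory=dict)  # service name -> session key bytes

    def protect(self, payload: bytes) -> bytes:
        """Apply the integrity service: append a truncated HMAC (the ICV)."""
        alg = INTEGRITY_ALGS[self.services["integrity"]]
        icv = hmac.new(self.keys["integrity"], payload, alg).digest()[:ICV_LEN]
        return payload + icv

    def verify(self, packet: bytes) -> bytes:
        """Recompute the ICV with this SA's key; return the payload or raise."""
        payload, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        alg = INTEGRITY_ALGS[self.services["integrity"]]
        expected = hmac.new(self.keys["integrity"], payload, alg).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            raise ValueError("integrity check failed: wrong key or modified data")
        return payload


def negotiate(initiator_proposals, responder_acceptable):
    """Pick the first proposal, in the initiator's preference order, that the
    responder also accepts. Each proposal maps service -> algorithm.
    Returns None when the peers share no acceptable combination."""
    for proposal in initiator_proposals:
        if proposal in responder_acceptable:
            return proposal
    return None


def establish_pair(initiator_proposals, responder_acceptable, spi, key_material):
    """Build matching SAs on both peers from the negotiated choices and the
    shared key material (supplied directly here; IKE would derive it)."""
    chosen = negotiate(initiator_proposals, responder_acceptable)
    if chosen is None:
        raise ValueError("no common proposal; SA cannot be established")
    keys = {svc: key_material[svc] for svc in chosen}
    sa_on_a = SecurityAssociation("peer-b", spi, dict(chosen), dict(keys))
    sa_on_b = SecurityAssociation("peer-a", spi, dict(chosen), dict(keys))
    return sa_on_a, sa_on_b


if __name__ == "__main__":
    # Constructed sample: peer A prefers SHA, peer B only accepts MD5.
    a_offers = [{"integrity": "sha"}, {"integrity": "md5"}]
    b_accepts = [{"integrity": "md5"}]
    key_material = {"integrity": b"constructed-sample-session-key"}
    sa_a, sa_b = establish_pair(a_offers, b_accepts, 0x1000, key_material)
    packet = sa_a.protect(b"hello")
    print("negotiated:", sa_a.services, "verified:", sa_b.verify(packet))
```

Both peers end up holding an SA with identical service, algorithm and key entries, which is exactly why a packet protected under A's copy verifies under B's; a mismatch in any of the three (or no overlapping proposal at all) is caught at negotiation or at verification rather than silently producing unprotected traffic.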