Determine IPSec IKE Phase Two Policy

[Figure: Site 1 and Site 2, connected through PIX1 and PIX2]

Determining network design details includes defining a more detailed security policy for protecting traffic. You can then use the detailed policy to help select IPSec transform sets and modes of operation. Your security policy should answer the following questions:

■ What protections are required or are acceptable for the protected traffic?

■ What traffic should or should not be protected?

■ Which PIX interfaces are involved in protecting internal nets, external nets, or both?

■ What are the peer IPSec endpoints for the traffic?

■ How should SAs be established?

The figure above shows a summary of IPSec encryption policy details that will be configured in the examples in this chapter.
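As an added illustration (not taken from the original chapter), the PIX 6.x fragment below shows where each answer to the questions above ends up in PIX1's configuration. The addresses, the access-list number 101, and the names `SITE2-SET` and `SITE2-MAP` are constructed for this example. Lines beginning with a colon are annotations.

```text
: What traffic should or should not be protected?
: Constructed example: Site 1 inside net 10.0.1.0/24 to Site 2 inside net 10.0.2.0/24.
: Traffic that does not match this list is not protected by this crypto map entry.
access-list 101 permit ip 10.0.1.0 255.255.255.0 10.0.2.0 255.255.255.0

: What protections are required or acceptable?
: ESP with 3DES encryption and SHA-1 HMAC integrity; tunnel mode is the default.
: A set such as "esp-des" alone gives weak encryption and no integrity check.
crypto ipsec transform-set SITE2-SET esp-3des esp-sha-hmac

: How should SAs be established?
: ipsec-isakmp = SAs negotiated by IKE (the alternative keyword is ipsec-manual).
crypto map SITE2-MAP 10 ipsec-isakmp
crypto map SITE2-MAP 10 match address 101
crypto map SITE2-MAP 10 set transform-set SITE2-SET
crypto map SITE2-MAP 10 set security-association lifetime seconds 28800

: What are the peer IPSec endpoints?
: Constructed example: 203.0.113.2 stands in for PIX2's outside address.
crypto map SITE2-MAP 10 set peer 203.0.113.2

: Which PIX interfaces are involved?
: The crypto map is applied to the interface that faces the peer.
crypto map SITE2-MAP interface outside
```

PIX2 needs the mirror image of this policy: the same transform set, an access list with source and destination swapped, and PIX1's outside address as the peer.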
