Description of the Network Topology for the IPsec Tasks to Protect a VPN - Securing the Network in Oracle® Solaris 11.2

Securing the Network in Oracle^® Solaris 11.2

Exit Print View

» ...Documentation Home » Oracle Solaris 11.2 Information Library » Securing the Network in Oracle^® ... » Configuring IPsec » Protecting a VPN With IPsec » Description of the Network Topology for the ...

Updated: August 2014

Securing the Network in Oracle^® Solaris 11.2

Document Information

Using This Documentation

Chapter 1 Using Link Protection in Virtualized Environments

Chapter 2 Tuning Your Network

Chapter 3 Web Servers and the Secure Sockets Layer Protocol

Chapter 4 About IP Filter in Oracle Solaris

Chapter 5 Configuring IP Filter

Chapter 6 About IP Security Architecture

Chapter 7 Configuring IPsec

Protecting Network Traffic With IPsec

How to Secure Network Traffic Between Two Servers With IPsec

How to Use IPsec to Protect Web Server Communication With Other Servers

Protecting a VPN With IPsec

Examples of Protecting a VPN With IPsec by Using Tunnel Mode

Description of the Network Topology for the IPsec Tasks to Protect a VPN

How to Protect the Connection Between Two LANs With IPsec in Tunnel Mode

Additional IPsec Tasks

How to Manually Create IPsec Keys

How to Configure a Role for Network Security

How to Verify That Packets Are Protected With IPsec

Chapter 8 About Internet Key Exchange

Chapter 9 Configuring IKEv2

Chapter 10 Configuring IKEv1

Chapter 11 Troubleshooting IPsec and Its Key Management Services

Chapter 12 IPsec and Key Management Reference

Network Security Glossary

Language:

Description of the Network Topology for the IPsec Tasks to Protect a VPN

The procedures in this section assume the following setup. For a depiction of the network, see Figure 7–2.

Each system is using an IPv4 address space.

These procedures also work with IPv6 addresses or a combination of IPv4 and IPv6 addresses.
Each system has two interfaces. The net0 interface connects to the Internet. In this example, Internet IP addresses begin with 192.168. The net1 interface connects to the company's LAN, its intranet. In this example, intranet IP addresses begin with the number 10.
Each system requires ESP encryption with the AES algorithm. The AES algorithm uses a 128-bit or 256-bit key.
Each system requires ESP authentication with the SHA-2 algorithm. In this example, the SHA-2 algorithm uses a 512-bit key.
Each system can connect to a router that has direct access to the Internet.
Each system uses shared security associations.

The following illustration shows the configuration parameters used in the procedures.

Figure 7-2 Sample VPN Between Offices Connected Across the Internet

image:Graphic shows details of VPN between Europe and California offices.

The configuration parameters are listed in the following table.

Parameter	Europe	California
System name	euro-vpn	calif-vpn
System intranet interface	net1	net1
System intranet address, the default route to the other network	10.16.16.6	10.1.3.3
System intranet address object	net1/inside	net1/inside
System Internet interface	net0	net0
System Internet address	192.168.116.16	192.168.13.213
Name of Internet router	router-E	router-C
Address of Internet router	192.168.116.4	192.168.13.5
Tunnel name	tun0	tun0
Tunnel name address object	tun0/v4tunaddr	tun0/v4tunaddr

For information about tunnel names, see Administering IP Tunnels in Administering TCP/IP Networks, IPMP, and IP Tunnels in Oracle Solaris 11.2 . For information about address objects, see How to Configure an IPv4 Interface in Configuring and Administering Network Components in Oracle Solaris 11.2 and the ipadm(1M) man page.

Copyright © 1999, 2014, Oracle and/or its affiliates. All rights reserved. Legal Notices