Avaya Integrated IP Security User Manual
Configuring IP Security Services
BayRS Version 13.10
Site Manager Software Version 7.10
Part No. 304111-A Rev 00
November 1998
4401 Great America Pa rkw ay 8 Federal S treet
Santa Clara, CA 95054 Billerica, MA 01821
Copyright © 1998 Bay Networks, Inc.
All rights reserved. Printed in the USA. November 1998.
The information in this document is subject to change without notice. The statements, configurations, technical data,
and recommendations in this document are believed to be accurate and reliable, but are presented without express or
implied warranty. Users must take full responsibility fo r th eir a pplic a tio ns of any products specified in this document.
The information in this document is proprietary to Bay Networks, Inc.
The software described in this document is furnished under a license agreement and may only be used in accordance
with the terms of that licen se. A summary of the Software License is included in this document.
Trademarks
AN, BN, and Bay Networks are registered trademarks and Advanced Remote Node, ARN, BayRS, BayStack,
System 5000, and the Bay Networks logo are trademarks of Bay Networks, Inc.
All other trademarks and registered trademarks are t he property of their respective owners.
Restricted Rights Legend
Use, duplication, or disclosure by the United States Government is subject to restrictions as set forth in subparagraph
(c)(1)(ii) of the Rights in Technical Data and Computer So ftware clause at DFARS 252.227-7013.
Notwithstanding any other license agreement that may pertain to, or accompany the delivery of, this computer
software, the rights of the United States Government regarding its use, reproduction, and disclosure are as set forth in
the Commercial Computer Software-Restricted Rights cl ause at FAR 52.227-19.
Statement of Conditions
In the interest of improving internal design, operational function, and/or reliability, Bay Networks, Inc. reserves the
right to make changes to the pr oducts described in this document without notice.
Bay Networks, Inc. does not assume any liability that may occur du e to the use or application of the product(s) or
circuit layout(s) described herein.
Portions of the code in this software product may be Copyright © 1988, Regents of the University of California. All
rights reserved. Redistribution and use in source and binary forms of such portions are permitted, provided th at the
above copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising
materials, and other materials related to such distribution and use acknowledge that su ch portions of the software were
developed by the University of California, Berkeley. The name of the University may not be used to endorse or
promote products derived from such portions of the software without specific prior written permission.
SUCH PORTIONS OF THE SOFTWARE ARE PROVIDED “AS IS” AND WITHOUT ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
In addition, the program and information contained herein are licensed only pursuant to a license agreement that
contains restricti ons on use and disclosure (that may incorporate by reference certai n limitations and no tices imposed
by third parties).
ii 304111-A Rev 00
Bay Networks, Inc. Software License Agreement
NOTICE: Please carefully read this license agre ement before copying or using the accompanying software or
installing the hardware unit with pre-enabled software (each of which is referred to as “Software” in this Agreement).
BY COPYING OR USING THE SOFTWARE, YOU ACCEPT ALL OF THE TERMS AND CONDITIONS OF
THIS LICENSE AGREEMENT. THE TERMS EXPRESSED IN THIS AGREEMENT ARE THE ONLY TERMS
UNDER WHICH BAY NETWORKS WILL PERMIT YOU TO USE THE SOFTWARE. If you do not accept these
terms and conditions, return the product, unused and in the original shipping container, within 30 days of purchase to
obtain a credit for the full purchase price.
1. License Grant. Bay Networks, Inc. (“Bay Networks”) grants the end user of the Software (“Licensee”) a personal,
nonexclusive, nontransferable license: a) to use the Software either on a single computer or, if applicable, on a single
authorized device identified by host ID, for which it was originally acquired; b) to copy the Software solely for backup
purposes in support of authorized use of the Software; and c) to use and copy the associated user manual solely i n
support of authorized use of the Software by Licensee. This license applies to the Software only and does not extend
to Bay Networks Agent software or other Bay Networks software pro ducts. Bay Networks Agent software or other
Bay Networks software products are licensed for use under the terms of the applicable Bay Networks, Inc. Software
License Agreement that accomp anies such software and upon payment by the end user of the applicable license fees
for such software.
2. Restrictions on use; reservation of rights. The Software and user manuals are protected under copyright laws.
Bay Networks and/or it s licensors retain all title and ownership in both the Software and user manuals, including any
revisions made by Bay Networks or i ts licensors. The copyr ight notice must be reproduced and included with any
copy of any portion of the Software or user manuals. Licensee may not modify, translate, decompile, disassemble, use
for any competitiv e analysis, re v erse engineer , distrib ute, or create deriv ati ve works from the Softwa re or user manuals
or any copy, in whole or in part. Except as expressly provided in thi s Agreement, Licensee may not copy or transfer
the Software or user manuals, in whole or in part. The Soft ware and user manuals embody Bay Networks’ and its
licensors’ confidential and proprietary intellectual property. Licensee shall not sublicense, assign, or otherwise
disclose to any third party the Software, or any information about the operation, design, performance, or
implementation of the Software and user manuals that is confidential to Bay Networks and its licensors; however,
Licensee may grant permission to its consultants, subcontractors, a nd agents to use the Softw are at Licensee’s facility ,
provided they have agreed to use the Software only in accordance with the terms of this license.
3. Limited warranty. Bay Networks warrants each item of Software, as delivered by Bay Networks and properly
installed and operated on Bay Networks hardware or other equipment it is originally licensed for, to function
substantially as described in its accompanying user m anual during its warranty period , which begins on the date
Software is first shipped to Licensee. If an y item of S oftware f ails to so function d uring its w arranty period, as the sole
remedy Bay Networks will at its discretion provide a suitable fix, patch, or workaround for the problem that may be
included in a future Software release. Bay Network s fur ther w arra nts to Licen see that the medi a on which the
Software is provided will be free from defec ts in materials and wo rkman ship under no rmal use for a peri od of 90 da ys
from the date Software is first shipped to Licensee. Bay Networks will replace defective media at no cha rge if it is
returned to Bay Netw orks during the warran ty perio d alon g with proof of the date of shipment . This war ranty do es not
apply if the media has been dam aged as a resul t of acci dent, misuse , or ab use. The Licen see assumes all re sponsibilit y
for selection of the Software to achieve Licensee’s intended results and for the installation, use, and results obtained
from the Software. Bay Networks does not warrant a) that the functions contained in the software will meet the
Licensee’ s requireme nts, b) that the Software will operate in the hardware or software combinations tha t the L icens ee
may select, c) that the operation of the Softw a re will be uninterru pte d or error free, or d) that all defec ts in the
operation of the Software will be corrected. Bay Networks is not obligated to remedy any Software defect that cannot
be reproduced with the latest Software release. These warranties do not apply to the So ftw are if i t has been (i) altered,
except by Bay Netwo rks or in a ccordance with its instru ction s; (ii) used in con junc tion with another v en dor’s product,
resulting in the defect; or (iii) damaged by improper environment, abuse, misuse, accident, or negligence. THE
FOREGOING WARRANTIES AND LIMITATIONS ARE EXCLUSIVE REMEDIES AND ARE IN LIEU OF ALL
OTHER WARRANTIES EXPRESS OR IMPLIED, INCLUDING W ITHOUT LIMITATION ANY WARRANTY OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Licensee is responsible for the security of
304111-A Rev 00 iii
its own data and information and for maintaining adequate procedures apart from the Software to reconstruct los t or
altered files, data, or programs.
4. Limitation of liability. IN NO EVENT WILL BAY NETWORKS OR ITS LICENSORS BE LIABLE FOR ANY
COST OF SUBSTITUTE PROCUREMENT; SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL
DAMAGES; OR ANY DAMAGES RESULTING FROM INACCURATE OR LOST DATA OR LOSS OF USE OR
PROFITS ARISING OUT OF OR IN CONNECTION WITH THE PERFORMANCE OF THE SOFTWARE, EVEN
IF BAY NETWORKS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT
SHALL THE LIABILITY OF BAY NETWORKS RELATING TO THE SOFTWARE OR THIS AGREEMENT
EXCEED THE PRICE PAID TO BAY NETWORKS FOR THE SOFTWARE LICENSE.
5. Government Licensees. This provision applies to all Software and documentation acquired directly or indirectly
by or on behalf of the United States Government. The Software and documentation are commercial products, licensed
on the open market at market prices, and were developed entirely at private expense and without the use of any U.S.
Government funds. The license to the U.S. Government is granted only with restricted rights, and use, duplication, or
disclosure by the U.S. Government is subject to the restrictions set forth in subparagraph (c)(1) of the Commercial
Computer Software––Restricte d Rig hts cla u se o f FAR 52.227-19 and the limita tio ns set o ut in this license for civilian
agencies, and subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause of DFARS
252.227-7013, for agencies of t he Department of Defense or their successors, whichever is applicable.
6. Use of Software in the European Community. This provision applies to all Software acquired for use within the
European Community. If Licensee uses the Software within a country in the European Community, the Software
Directive enacted by the Council of European Commun ities Directive dated 14 May, 1991, will apply to the
examination of th e Software to facilitate interoperability. Licensee agrees to notify Ba y Networks of any such
intended examination of the Software and may procure support and assistance from Bay Networks.
7. Term and termination. This license is effective until terminated; however, all of the restrictions with respect to
Bay Networks’ copyright in the Software and user manuals will cease being effective at the date of expiration of the
Bay Networks copyright; those restrictions relating to use and disclosure of Bay Networks’ confidential information
shall continue in effect. Licensee may terminate this license at any time. The license will automatically terminate if
Licensee fails to comply with any of the terms and conditions of the license. Upon termination for any reason,
Licensee will immediately destroy or return to Bay Networks the Software, user manuals, and all copies. Bay
Networks is not liable to Licensee for damages in any form solely by reason of the termination of this license.
8. Export and Re-export. Licensee agrees not to export, directly or indirectly, t he S oft ware or re lated technical data
or information without first obtaining any required export licenses or other governmental approvals. Without limiting
the foregoing, Licensee, on behalf of itself and its subsidiaries and affiliates, agrees that it will not, without first
obtaining all export licenses and approvals required by the U.S. Government: (i) export, re-export, transfer, or divert
any such Software or technical data, or any direct product thereof, to any country to which such exports or re-exports
are restricte d or em b argoed under United States ex po r t con t rol laws and re gulations, or to any national or resident of
such restricted or embargoed countries; or (ii) provide the Software or related technical data or information to any
military end user or for any military end use, including the design, development, or production of any chemical,
nuclear, or biological weapons.
9. General. If any provision of this Agreement is held to be invalid or unenf orceable by a court of competent
jurisdiction, the remainder of the provisions of this Agreement shall remain in full force and effect. This Agreement
will be governed by the laws of the state of California.
Should you have any questions concerning this Agreement, contact Bay Networks, Inc., 4401 Great America Parkway,
P.O. Box 58185, Santa Clara, California 95054-8185.
LICENSEE ACKNOWLEDGES THAT LICENSEE HAS READ THIS AGREEMENT, UNDERSTANDS IT, AND
AGREES TO BE BOUND BY ITS TERMS AND CONDITIONS. LICENSEE FURTHER AGREES THAT THIS
AGREEMENT IS THE ENTIRE AND EXCLUSIVE AGREEMENT BETWEEN BAY NETWORKS AND
LICENSEE, WHICH SUPERSEDES ALL PRIOR ORAL AND WRITTEN AGREEMENTS AND
COMMUNICATIONS BETWEEN THE PARTIES PERTAINING TO THE SUBJECT MATTER OF THIS
AGREEMENT. NO DIFFERENT OR ADDITIONAL TERMS WILL BE ENFORCEABLE AGAINST B AY
NETWORKS UNLESS BAY NETWORKS GIVES ITS EXPRESS WRITTEN CONSENT, INCLUDING AN
EXPRESS WAIVER OF THE TERMS OF THIS AGREEMENT.
iv 304111-A Rev 00
Contents
Preface
Before You Begin .............................................................................................................xiii
Text Conventions .............................................................................................................xiv
Acronyms ........................... .......................... .......................... ......................... ................. xv
Bay Networks Technical Publications ..............................................................................xvi
How to Get Help .............................................................................................................xvii
Chapter 1
Overview
How IPsec Works ...........................................................................................................1-1
Network Considerations .................................................................................................1-1
Supported Routers ...................................................................................................1-2
Supported WAN Protocols .......................................................................................1-2
IPsec Protection .............................................................................................................1-2
IPsec Tunnel Mode ...................................................................................................1-3
Security Protocols Overview ....................................................................................1-4
Encapsulating Security Payload ........................................................................1-4
Authentication Header .......................................................................................1-4
IPsec Services .........................................................................................................1-5
Chapter 2
Getting Started with IPsec
Security Gateway ............................................................................................................2-2
Security Policies .............................................................................................................2-3
Policy Templates ......................................................................................................2-3
IPsec Policies ...........................................................................................................2-4
Criteria Specification ..........................................................................................2-4
Action Specification ...........................................................................................2-4
Inbound Policies .......................................................................................................2-5
Outbound Policies ....................................................................................................2-5
304111-A
Rev 00
v
Security Policy Database (SPD) ..............................................................................2-6
Security Associations .....................................................................................................2-6
Security Associations for Bidirectional Traffic ...........................................................2-7
Security Parameter Index (SPI) ................................................................................2-7
Summarizing Security Policies and SAs .........................................................................2-8
Security Protocols ...........................................................................................................2-9
IPsec Services ..............................................................................................................2-10
Confidentiality ....... ....... ...... ....... ...... ....... ...... ....... ...... ....... ...... ...... ....... ...... ....... ...... .2-10
Integrity ..................................................................................................................2-10
Authentication ........................................................................................................2-10
Installing IP Security (IPsec) Software .........................................................................2-11
Upgrading Software ...............................................................................................2-11
Installation Instructions ..........................................................................................2-11
Chapter 3
Configuring IPsec
Site Security ...................................................................................................................3-1
Configuration Security ....................................................................................................3-1
Encryption Keys .......................................................................................................3-2
Random Number Generator (RNG) .........................................................................3-2
Node Protection Key (NPK) ............................................................................................3-2
Generating and Using NPKs ....................................................................................3-3
Generating an NPK ...........................................................................................3-3
Entering the NPK on the Router ........................ ....... ...... ...... .............................3-4
Entering an NPK and a Seed for Encryption ..................................................................3-4
Changing NPKs ........................................................................................................3-5
Monitoring NPKs ......................................................................................................3-6
Enabling IPsec ................................................................................................................3-6
Creating Policies .............................................................................................................3-7
Criteria Specifications ..............................................................................................3-7
Action Specifications ................................................................................................3-7
Policy Considerations ...............................................................................................3-8
Creating Security Associations .....................................................................................3-11
Disabling IPsec .................. ...... ....... ...... ....... ...... ....................................... ...... ....... ...... .3-13
vi 304111-A Rev 00
Appendix A
Site Manager Parameters
Node Protection Key Para meter .................................................................................... A-1
Enabling IPsec Parameters ........................................................................................... A-2
IPsec Policy Parameters ................................................................................................ A-2
Security Association Parameters ................................................................................... A-3
Appendix B
Definitions of k Commands
Appendix C
Security Policy and Security Association Examples
Inbound and Outbound Policies .....................................................................................C-1
Protect and Unprotect Security Associations (SAs) ...................................................... C-6
Index
304111-A
Rev 00
vii
Figures
Figure 1-1. IPsec Environment: Unique Security Associations (SAs)
Between Routers ......................................................................................1-3
Figure 2-1. IPsec Concepts: Security Gateways, Security Policies,
and Security Associations (SAs) ..............................................................2-2
Figure 2-2. IPsec Security Gateways .........................................................................2-3
Figure 2-3. Outbound and Inbound Policies ...............................................................2-6
Figure 2-4. Security Associations for Bidirectional Traffic ...........................................2-7
Figure C-1. IPsec Outbound Policies for Routers 1, 2, and 3 ....................................C-2
Figure C-2. Single Protect/Unprotect SA Pair ............................................................ C-6
Figure C-3. Multiple Protect/Unprotect SA Pairs ........................................................ C-9
304111-A Rev 00
ix
Tables
Table 2-1. Security Policy Specifications ..................................................................2-8
Table 2-2. Security Association (SA) Configurations ................................................2-8
304111-A Rev 0
0 xi
This guide describes the Bay Networks® implementation of IP Security and how
to configure it on a Bay Networks router.
Before You Begin
Before using this guide, you must complete the following procedures. For a new
router:
• Install the router (see the installation guide that came w ith your router).
• Connect the router to the network and create a pilot configuration file (see
Quick-Starting Routers or Configuring BayStack Remote Access).
Preface
Make sure that you are running the latest version of Bay Networks BayRS
Site Manager software. For information about upgrading BayRS and Site
Manager, see the upgrading guide for your version of BayRS.
304111-A Rev 00 xiii
™
and
Configuring IP Security Services
Text Conventions
This guide uses the following text conventions:
angle brackets (< >) Indicate that you choose the text to enter based on the
description inside the brackets. Do not type the
brackets when entering the command.
Example: If the command syntax is:
ping
<
ip_address
ping 192.32.10.12
>, you enter:
bold text
Indicates command names and options and text that
you need to enter.
Example: Enter
show ip {alerts | routes
Example: Use the
dinfo
command.
}.
braces ({}) Indicate required elements in syntax descriptions
where there is more than one option. You must choose
only one of the options. D o not type the braces when
entering the command.
Example: If the command syntax is:
show ip {alerts | routes
show ip alerts or show ip routes
}
, you must enter either:
, but not both.
brackets ([ ]) Indicate optional elements in syntax descriptions. Do
not type the brackets when entering the command.
Example: If the command syntax is:
show ip interfaces [-alerts
show ip interfaces
or
]
, you can enter either:
show ip interfaces -alerts
.
italic text Indicates file and directory names, new terms, book
titles, and variables in command syntax descriptions.
Where a variable is two or more words, the words are
connected by an underscore.
Example: If the command syntax is:
show at
valid_route
<
valid_route
>
is one variable and you substitute one value
for it.
xiv 304111-A Rev 00
Preface
screen text Indicates system output, for example, prompts and
system messages.
Acronyms
Example:
Set Bay Networks Trap Monitor Filters
separator ( > ) Shows menu paths.
Example: Protocols > I P ide nti fies the IP option on the
Protocols menu.
vertical line (
) Separates choices for command keywords and
|
arguments. Enter only one of the choices. Do not type
the vertical line when entering the command.
Example: If the command syntax is:
show ip {alerts | routes
show ip alerts
show ip routes
or
This guide uses the following acronyms:
CBC cipher block chaining
DES Data Encryption Standard
ESP Encapsulated Payload
}
, you enter either:
, but not both.
HMAC Hashing Message Authentication Code
IANA Internet Assigned Numbers Authority
ICMP Internet Con trol Message Protocol
ICV integri ty check value
IETF Internet Engineering Task Force
IP Internet P rotocol
IV initialization vector
MD5 Message Digest 5
MIB management information base
NPK node protection key
NVRAM nonvolatile random access memory
304111-A Rev 00 xv
Configuring IP Security Services
RNG random number generator
SA security association
SAD security associations database
SPD security policy database
SPI security parameter index
VPN virtual private network
WAN wide area network
Bay Networks Technical Publications
You can now print Bay Networks technical manuals and release notes free,
directly from the Internet. Go to support.baynetwork s.com/libr ary/ tpubs/ . Fi nd the
Bay Networks product for which you need documentation. Then locate the
specific category and model or version for your hardware or software product.
Using Adobe Acrobat Re ader, you can open the manuals an d rel ease n otes, searc h
for the sections you need, and print them on most standard printers. You can
download Acrobat Reader free from the Adobe Systems Web site,
www.adobe.com.
You can purchase Bay N etworks documentation sets, CDs, and selected technical
publications through the Bay Networks Collateral Catalog. The catalog is located
on the World Wide Web at support.baynetworks.com/catalog.html and is divided
into sections arranged alphabetically:
• The “CD ROMs” section lists available CDs.
• The “Guides/Books” section lists books on technical topics.
• The “Technical Manuals” section lists available printed documentation sets.
Make a note of the part numbers and prices of the items that you want to order.
Use the “Marketing Collateral Catalog description” link to place an order and to
print the order form.
xvi 304111-A Rev 00
How to Get Help
For product assi stance, support contracts, information abo ut educational services,
and the telephone numbers of our gl obal supp ort offices, go to the following URL:
http://www.baynetworks.com/corpor a te/co ntacts /
In the United States and Canada, you can dial 800-2LANWAN for assistance.
Preface
304111-A Rev 00 xvii
Chapter 1
Overview
IP Security (IPsec) is the Bay Networks implementation of the Internet
Engineering Task Force (IETF) set of standards for security services for
communications over public networks. These standards were developed to ensure
secure, private communications for the remote access, extranet, and intranet
virtual private networks (VPNs) use in enterprise communications.
The Bay Networks implementation of the IETF standard provides network
(layer 3) security services for wide area network (WAN) communications on Bay
Networks routers.
How IPsec Works
IPsec services are bundled as an Internet Protocol (IP) encryption packet. In this
way, any IPsec packet can be delivered over the In terne t like an or dinary IP pack et
to branch offices, corporate partners, or other remote organizations. Unlike an
ordinary data packet, the IPsec packet is encrypted. Data traveling across the
Internet between IPsec-configured router interfaces can be secure, encrypted,
and private.
To configure a router with IPsec, you first configure the router interface as an
IP interface. Then you add the IPsec software to the IP interface, creating a
security gateway.
Network Considerations
To install the IP Security (IPsec) software, the router must be running BayRS
Version 13.10 and Site Manager Version 7.10.
304111-A Rev 00
1-1
Configuring IP Security Services
Supported Routers
Bay Networks IP technologies are implemented on BayRS router interfaces
supporting synchronous communications.
IPsec can pro vid e enc rypti on and a ut hentic atio n serv ice s to an y s erial int erf ace o n
the following routers:
™
•BayStack
Access Node (AN®)
• BayStack Advanced Remote Node
• Backbone Node (BN
™
• System 5000
modules
Supported WAN P rotocols
The supported WAN protocols are PPP and frame relay. Bay Networks dial
services are also supported. Dia l service s pro vide back up and demand services f or
PPP and frame relay.
™
(ARN™)
®
)
IPsec Protection
IPsec protection is implemented by making a router module interface a security
gateway. The router interface is secured with inbound and outbound security
policies that filter traffic to and from the router module. The data packets,
themselves, are protected with security associations (SAs). For information about
security gateways, see “Security Gateway” on page 2-2; for information about
inbound and outbound policies, see “IPsec Policies” on page 2-4; and for
information about security associations, see “Security Associations” on page 2-6.
Figure 1-1 sho ws ho w IPsec can prote ct data c ommunication s within a n enterpr ise
and from external hosts.
1-2
304111-A Rev 00
Overview
Corporate
Headquarters
Server
Router A
IP Security
Gateway
Security
Associations
(SAs A,B)
Partner
Router B Router C
Host Host
IP Security
Gateway
IPsec
Services
Public
Network
Security Associations
(SAs B,C)
IPsec
Services
Security
Associations
(SAs C,A)
Branch office
IP Security
Gateway
IPsec
Services
IP0088A
Figure 1-1. IPsec Environment: Unique Security Associations (SAs)
Between Routers
IPsec Tunnel Mode
When there is a security gateway at each end of a communication, the security
associations between the security gateways are said to be in tunnel mode. All
IPsec communications occur in tunnel mode. Tunnel mode is especially effective
for isolating and protecting enterprise traffic traveling across a public data
network as shown in Figure 1-1.
304111-A Rev 00
1-3
Configuring IP Security Services
Security Protocols Overview
IPsec uses two protocols to provide traffic security:
• Encapsulating Security Payload (ESP)
• Authentication Header (AH)
You can use either protocol or both to protect data packets on a VPN.
Encapsulating Security Payload
The ESP protocol provides confidentiality (encryption) services. It can also
provide data integrity, data origin authentication, and an anti-replay service. One
or more of these security services must be applied whenever ESP is invoked.
ESP uses the Data Encryption Standard (DES) algorithm for encryption and
Hashing Message Authentication Code Message Digest 5 (HMAC MD5)
transform identifiers. For more information about DES, see “Security Protocols”
on page 2-9.
Authentication Header
1-4
The AH protocol provides data integrity, data origin authentication, and optional
anti-replay services.
The AH protocol uses HMAC MD5 transform identifiers.
304111-A Rev 00
Loading...