| Manual or signaled | A secure IP interface, which can be either manual or signaled. You configure manual interfaces manually on both the local and remote security gateways. Signaled interfaces can dynamically set up connections between security gateways using ISAKMP/IKE. |
| Operational VR | Operational parameters for the secure IP interface, including the virtual router context to which this interface belongs and the network prefix reachable through the interface. |
| Transport VR | Transport network characteristics for the tunnel, including its virtual router context and source and destination IP addresses. |
| Perfect forward secrecy (PFS) | A key-generation approach that guarantees that every newly generated session key is not in any way related to the previous keys. PFS ensures that a compromised session key does not compromise previous and subsequent keys. |
| Lifetime | A limit on time and traffic volume allowed over the interface before an SA needs to be renegotiated. |
| Inbound and outbound SAs | The actual session-related parameters used by both security gateways to secure the traffic between them. You can manually define the SA for manual secure IP tunnels, or the SA can be negotiated dynamically for signaled tunnels. Two sets of SA parameters exist: one for inbound traffic and another for outbound traffic. |
| Transform set | The set of security parameters, including protocols and algorithms, that is considered adequate to provide a required security level to the traffic flowing through an interface. |