Router Security Configuration Guide, Version 1.0g (UNCLASSIFIED), page 174

  (key eng. msg.) dest= 7.12.1.20, src= 14.2.0.20,
    dest_proxy= 7.12.1.20/255.255.255.255/0/0 (type=1),
    src_proxy= 14.2.0.20/255.255.255.255/0/0 (type=1),
    protocol= ESP, transform= 3esp-des esp-sha-hmac ,
    lifedur= 3600s and 4608000kb,
    spi= 0x238108A4(595658916), conn_id=100, keysize=0,flags=0x4
4w0d: IPSEC(initialize_sas): ,
  (key eng. msg.) dest= 7.12.1.20, src= 14.2.0.20,
    dest_proxy= 7.12.1.20/255.255.255.255/0/0 (type=1),
    src_proxy= 14.2.0.20/255.255.255.255/0/0 (type=1),
    protocol= ESP, transform= 3esp-des esp-sha-hmac ,
    lifedur= 3600s and 4608000kb,
    spi= 0x385219F(59056543), conn_id=101, keysize=0, flags=0x4
4w0d: IPSEC(create_sa): sa created,
  (sa) sa_dest= 7.12.1.20, sa_prot= 50,
    sa_spi= 0x238108A4(595658916),
    sa_trans= 3esp-des esp-sha-hmac , sa_conn_id= 100
4w0d: IPSEC(create_sa): sa created,
  (sa) sa_dest= 7.12.1.20, sa_prot= 50,
    sa_spi= 0x385219F(59056543),
    sa_trans= 3esp-des esp-sha-hmac , sa_conn_id= 101
North# no debug all

4. Use an IP packet sniffer to observe the contents of each packet in the IPSec tunnel negotiation. This information, like that obtained from running the debug commands on the router, is invaluable in diagnosing exactly where the tunnel negotiation is failing, and for recovering from failures.

5.2.2. Using IPSec for Secure Remote Administration

The example used throughout the preceding section was to securely connect two networks from their gateways (which were Cisco routers). This could represent either connecting widely separated networks, or isolating networks within an organization. Another use of IPSec would be to protect the administration of a Cisco router. Common ways to administer a Cisco router are telnet (which sends the password in the clear) or SNMP.
Since both of these run over IP, IPSec can be used to encrypt this communication, eliminating the threat of a network sniffer seeing either the password being sent across the network or the current configuration.

In this example, a computer on the desk of the administrator is to be used to administer the North router. Let’s say the computer the administrator uses to configure the router has IP address 14.2.9.6, which is next to the servers in Figure 4-1. The IP address of the North router on the interface closest to the administrator is 14.2.1.250, so we’ll secure a connection to there. First, we’ll set up the configuration on the router, then examine the configuration sequence for a PC running Microsoft Windows 2000.
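
Added example, not part of the guide: a small Python parser for the IPSEC debug messages shown at the top of this page, which checks that every SPI announced in an initialize_sas message also appears in a create_sa message, as it does in the page's output, and so supports the debug-based diagnosis mentioned in step 4. The sample text is abridged from the page's output with fields copied as printed; the function names and the pairing rule are assumptions of this example.

```python
import re

# Sample abridged from the debug text on this page, fields copied as printed.
DEBUG = """\
4w0d: IPSEC(initialize_sas): ,
  (key eng. msg.) dest= 7.12.1.20, src= 14.2.0.20,
    dest_proxy= 7.12.1.20/255.255.255.255/0/0 (type=1),
    protocol= ESP, transform= 3esp-des esp-sha-hmac ,
    spi= 0x238108A4(595658916), conn_id=100, keysize=0, flags=0x4
4w0d: IPSEC(initialize_sas): ,
  (key eng. msg.) dest= 7.12.1.20, src= 14.2.0.20,
    protocol= ESP, transform= 3esp-des esp-sha-hmac ,
    spi= 0x385219F(59056543), conn_id=101, keysize=0, flags=0x4
4w0d: IPSEC(create_sa): sa created,
  (sa) sa_dest= 7.12.1.20, sa_prot= 50,
    sa_spi= 0x238108A4(595658916),
    sa_trans= 3esp-des esp-sha-hmac , sa_conn_id= 100
4w0d: IPSEC(create_sa): sa created,
  (sa) sa_dest= 7.12.1.20, sa_prot= 50,
    sa_spi= 0x385219F(59056543),
    sa_trans= 3esp-des esp-sha-hmac , sa_conn_id= 101
"""
# One message: "<uptime>: IPSEC(<event>):" up to the next such header.
MSG = re.compile(r"^\S+: IPSEC\((\w+)\):(.*?)(?=^\S+: IPSEC\(|\Z)", re.M | re.S)
FIELD = re.compile(r"(\w+)=\s*([^,\n]+)")  # "key= value" up to the next comma

def parse(text):
    """One dict per IPSEC message; the sa_ prefix is dropped so keys line up."""
    return [{"event": ev, **{k.removeprefix("sa_"): v.strip()
                             for k, v in FIELD.findall(body)}}
            for ev, body in MSG.findall(text)]

def spi_value(field):
    """'0x238108A4(595658916)' -> int; rejects a capture whose hex and decimal differ."""
    m = re.fullmatch(r"0x([0-9A-Fa-f]+)\((\d+)\)", field)
    if not m or int(m.group(1), 16) != int(m.group(2)):
        raise ValueError(f"garbled SPI field: {field!r}")
    return int(m.group(2))

def created_sas(text):
    """(destination, SPI, transform set, connection id) for each 'sa created'."""
    return [(m["dest"], spi_value(m["spi"]), m["trans"], int(m["conn_id"]))
            for m in parse(text) if m["event"] == "create_sa"]

def unmatched_spis(text):
    """SPIs seen in initialize_sas with no create_sa (assumed pairing rule)."""
    msgs = parse(text)
    seen = {ev: {spi_value(m["spi"]) for m in msgs if m["event"] == ev}
            for ev in ("initialize_sas", "create_sa")}
    return sorted(seen["initialize_sas"] - seen["create_sa"])
```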