JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Securing the Network in Oracle Solaris 11.1     Oracle Solaris 11.1 Information Library
Oracle Technology Network
Library
PDF
Print View
Feedback
search filter icon
search icon

Document Information

Preface

1.  Using Link Protection in Virtualized Environments

2.  Tuning Your Network (Tasks)

3.  Web Servers and the Secure Sockets Layer Protocol

4.  IP Filter in Oracle Solaris (Overview)

5.  IP Filter (Tasks)

6.  IP Security Architecture (Overview)

Introduction to IPsec

IPsec RFCs

IPsec Terminology

IPsec Packet Flow

IPsec Security Associations

Key Management in IPsec

IPsec Protection Mechanisms

Authentication Header

Encapsulating Security Payload

Security Considerations When Using AH and ESP

Authentication and Encryption Algorithms in IPsec

Authentication Algorithms in IPsec

Encryption Algorithms in IPsec

IPsec Protection Policies

Transport and Tunnel Modes in IPsec

Virtual Private Networks and IPsec

IPsec and NAT Traversal

IPsec and SCTP

IPsec and Oracle Solaris Zones

IPsec and Logical Domains

IPsec Utilities and Files

7.  Configuring IPsec (Tasks)

8.  IP Security Architecture (Reference)

9.  Internet Key Exchange (Overview)

10.  Configuring IKE (Tasks)

11.  Internet Key Exchange (Reference)

Glossary

Index

Virtual Private Networks and IPsec

A configured tunnel is a point-to-point interface. The tunnel enables one IP packet to be encapsulated within another IP packet. A correctly configured tunnel requires both a tunnel source and a tunnel destination. For more information, see How to Create and Configure an IP Tunnel in Configuring and Administering Oracle Solaris 11.1 Networks.

A tunnel creates an apparent physical interface to IP. The physical link's integrity depends on the underlying security protocols. If you set up the security associations (SAs) securely, then you can trust the tunnel. Packets that exit the tunnel must have originated from the peer that was specified in the tunnel destination. If this trust exists, you can use per-interface IP forwarding to create a virtual private network (VPN).

You can add IPsec protections to a VPN. IPsec secures the connection. For example, an organization that uses VPN technology to connect offices with separate networks can add IPsec to secure the traffic between the two offices.

The following figure illustrates how two offices form a VPN with IPsec deployed on their network systems.

Figure 6-7 Virtual Private Network

image:Graphic shows that Offices 1 and 2 use the net0 interface to communicate with each other. Each office uses net1 for internal communication.

For a detailed example of the setup procedure, see How to Protect a VPN With IPsec in Tunnel Mode.

Copyright © 1999, 2013, Oracle and/or its affiliates. All rights reserved. Legal Notices
Previous Next