Gre over ipsec -9 – Enterasys Networks XSR-3020 User Manual

System Description

XSR Getting Started Guide 1-9

SecurID (third-party plug-in)

Certificates (embedded/smart cards) – Microsoft only

•

Encryption

• Advanced Encryption Standard (AES), Triple Data Encryption Standard (3DES), Data

Encryption Standard (DES)

• 3DES/DES acceleration

•

Data Integrity

• MD5 & SHA-1 algorithms

•

Internet Protocol Security (IPsec)

• Encapsulating Security Payload (ESP), Authentication Header (AH) & IPComp

• Tunnel & Transport mode

• Diffie-Hellman Groups 1 & 2

• Mode Config for IP address assignment

• NAT Traversal via UDP encapsulation

•

Public Key Infrastructure (PKI)

• Microsoft, Verisign Certificate Authority (CA) support

• Simple Certificate Enrollment Protocol (SCEP)

• Chained CA support

• CRL checking (Hypertext Transfer Protocol [HTTP] & Lightweight Directory Access

Protocol (LDAP)

•

Network Address Translation (NAT)

• Static NAT, on the interface and port-forwarded static NAT

• PAT (NAPT) by port source and destination address

• Dynamic NAT by source/destination IP address

• Dynamic NAT pool mapping with overload

• PPTP/GRE ALG and arbitrary IP address for NAPT

• Multiple NATs on an interface

•

Dynamic Host Configuration Protocol (DHCP)

• DHCP Server

•

OSPF over VPN

•

DF Bit override

GRE over IPSec

•

ToS bit preservation

•

IP helper on VPN interfaces

•

IETF/Microsoft-compatible NAT traversal for L2TP

•

QoS over VPN