tainy hmod-v3-io, tainy hmod-l3-io - Dr. Neuhaus ...
Small lexicon of routers

IPsec
IP security (IPsec) is a standard which uses IP datagrams to ensure the authenticity of the sender and the confidentiality and integrity of the data through encryption. The components of IPsec are the Authentication Header (AH), the Encapsulating Security Payload (ESP), the Security Association (SA), the Security Parameter Index (SPI) and the Internet Key Exchange (IKE).
At the beginning of the communication, the participating computers negotiate the procedure to be used and its parameters, such as transport mode or tunnel mode.
In transport mode, an IPsec header is inserted between the IP header and the TCP or UDP header of each IP datagram. Since the IP header remains unchanged, this mode is only suitable for a host-to-host connection.
In tunnel mode, an IPsec header and a new IP header precede the entire original IP datagram; in other words, the original datagram is carried, encrypted, in the payload of the new datagram.
Tunnel mode is used with the APN: the devices at the tunnel ends encrypt and decrypt the datagrams along the stretch of the tunnel, so the actual datagrams are fully protected along the transport route through the public network.

MIB
See SNMP

NAT (Network Address Translation)
With network address translation (NAT), often called IP masquerading, an entire network is "hidden" behind a single device, known as the NAT router. The internal computers keep their IP addresses in the local network and remain concealed when they communicate outwardly through the NAT router. Only the NAT router, with its own IP address, is visible to outside communication partners.
However, in order for internal computers to be able to communicate directly with external computers (on the internet), the NAT router must modify the IP datagrams travelling between the internal computer and the outside.
If an IP datagram is sent from the internal network to the outside, the NAT router changes the IP and TCP header of the datagram: it replaces the source IP address and the source port with its own official IP address and a previously unused port of its own. For this purpose it maintains a table which records the mapping between the original and the new values.
Upon receiving a response datagram, the NAT router recognises from the specified target port that the datagram is actually intended for an internal computer. Using the table, the NAT router replaces the target IP address and the target port and forwards the datagram to the internal network.
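The translation table just described, as an added example that is not part of the manual: a small Python model of the NAT router that rewrites outbound source IP/port, records the mapping, and uses the target port of a response to find the internal host. All addresses and ports are constructed sample values.

```python
from dataclasses import dataclass, replace

# Constructed model of the NAT router's translation table described above.
# All addresses and ports are assumed sample values, not from the manual.

@dataclass(frozen=True)
class Datagram:
    """The header fields the NAT router rewrites (IP addresses and ports)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class NatRouter:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip        # the router's own "official" address
        self.next_port = first_port       # next previously unused port
        self.table = {}                   # official port -> (internal IP, port)
        self.reverse = {}                 # (internal IP, port) -> official port

    def outbound(self, dg: Datagram) -> Datagram:
        """Internal -> outside: replace source IP/port with the router's own."""
        key = (dg.src_ip, dg.src_port)
        port = self.reverse.get(key)
        if port is None:                  # new flow: allocate an unused port
            port = self.next_port
            self.next_port += 1
            self.table[port] = key
            self.reverse[key] = port
        return replace(dg, src_ip=self.public_ip, src_port=port)

    def inbound(self, dg: Datagram):
        """Outside -> internal: the target port selects the table entry.
        A datagram with no matching entry is dropped (returns None); this is
        what keeps internal hosts concealed from unsolicited outside traffic."""
        if dg.dst_ip != self.public_ip:
            return None
        entry = self.table.get(dg.dst_port)
        if entry is None:
            return None
        int_ip, int_port = entry
        return replace(dg, dst_ip=int_ip, dst_port=int_port)

if __name__ == "__main__":
    nat = NatRouter("203.0.113.7")
    out = nat.outbound(Datagram("192.168.1.10", 51234, "198.51.100.20", 80))
    print("outbound rewritten to", out.src_ip, out.src_port)
    back = nat.inbound(Datagram("198.51.100.20", 80, "203.0.113.7", out.src_port))
    print("response delivered to", back.dst_ip, back.dst_port)
```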
TAINY xMOD Page 101 of 111