IPSec configuration for host-host communications

Problem:

IPSec configuration for host-host communications

Resolution:

  • Product Name: AppServer
  • Product Version: All
  • Product Component: TIBCO 4.4.3
  • Platform/OS Version: All

    Setting up IPSec for host-host communications between Solaris and Solaris, and between Solaris and Windows XP:

    IPsec protects IP packets by authenticating the packets, by encrypting the packets, or by doing both. IPsec is performed inside the IP module, below the application layer. Therefore, an Internet application can take advantage of IPsec while not having to configure itself to use IPsec, whereas the use of TLS/SSL or other higher-layer protocols must be incorporated into the design of applications at that level.

    IPsec uses the following protocols to perform various functions:

    A. Internet key exchange (IKE and IKEv2) to set up a security association (SA) by handling negotiation of protocols and algorithms and to generate the encryption and authentication keys to be used by IPsec.

    B. Authentication Header (AH) to provide connectionless integrity and data origin authentication for IP datagrams and to provide protection against replay attacks.

    C. Encapsulating Security Payload (ESP) to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and limited traffic flow confidentiality.


    There are two modes of IPsec operation:

    1. Transport mode

    In transport mode, only the payload (the data you transfer) of the IP packet is encrypted and/or authenticated. Routing is unaffected, since the IP header is neither modified nor encrypted; however, when the Authentication Header is used, the IP addresses cannot be translated (for example by NAT), because the addresses are covered by the integrity check and rewriting them invalidates the hash value. The transport and application layers are always covered by the hash, so they cannot be modified in any way (for example by translating the port numbers). Transport mode is used for host-to-host communications.


    2. Tunnel mode

    In tunnel mode, the entire IP packet (data and IP header) is encrypted and/or authenticated. It is then encapsulated into a new IP packet with a new IP header. Tunnel mode is used to create Virtual Private Networks for network-to-network communications (e.g. between routers to link sites), host-to-network communications (e.g. remote user access), and host-to-host communications (e.g. private chat).
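    To make the transport-mode point concrete, the following is an added example (not part of the original KB article or its attached document) that builds a minimal transport-mode AH packet with HMAC-SHA1-96, zeroes the mutable IPv4 fields the way RFC 4302 prescribes, and shows that a router decrementing the TTL leaves the ICV valid while a NAT rewriting the source address does not. The key, addresses and payload are constructed sample values.

```python
import hmac, hashlib, struct
from ipaddress import IPv4Address

AH_PROTO, ICV_LEN = 51, 12          # AH next-header value; HMAC-SHA1-96 ICV is 96 bits

def ipv4_header(src, dst, total_len, ttl=64, proto=AH_PROTO):
    """Minimal 20-byte IPv4 header (checksum left 0: it is mutable and excluded from the ICV)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, ttl, proto, 0,
                       IPv4Address(src).packed, IPv4Address(dst).packed)

def zero_mutable(ip_hdr):
    """RFC 4302 App. A: TOS, flags/fragment offset, TTL and checksum are zeroed before hashing."""
    b = bytearray(ip_hdr)
    b[1] = 0; b[6:8] = b"\0\0"; b[8] = 0; b[10:12] = b"\0\0"
    return bytes(b)

def icv(ip_hdr, ah_fixed, payload, key):
    """ICV = HMAC-SHA1(immutable IP fields || AH with ICV zeroed || payload), truncated to 96 bits."""
    covered = zero_mutable(ip_hdr) + ah_fixed + b"\0" * ICV_LEN + payload
    return hmac.new(key, covered, hashlib.sha1).digest()[:ICV_LEN]

def build_ah_transport(src, dst, payload, key, spi=0x1001, seq=1, next_hdr=17):
    """Transport-mode AH: original IP header kept, AH inserted before the (UDP=17) payload."""
    ah_len = 12 + ICV_LEN
    ip_hdr = ipv4_header(src, dst, 20 + ah_len + len(payload))
    # Payload Len field = AH length in 32-bit words minus 2 (RFC 4302)
    ah_fixed = struct.pack("!BBHII", next_hdr, ah_len // 4 - 2, 0, spi, seq)
    return ip_hdr + ah_fixed + icv(ip_hdr, ah_fixed, payload, key) + payload

def verify_ah_transport(pkt, key):
    """Receiver-side check: True only if the ICV matches the covered fields."""
    ip_hdr, ah_fixed = pkt[:20], pkt[20:32]
    got, payload = pkt[32:32 + ICV_LEN], pkt[32 + ICV_LEN:]
    return hmac.compare_digest(got, icv(ip_hdr, ah_fixed, payload, key))

def nat_rewrite_src(pkt, new_src):
    """What a NAT does: overwrite the source address, an immutable field under AH."""
    return pkt[:12] + IPv4Address(new_src).packed + pkt[16:]

def decrement_ttl(pkt):
    """What every router does: TTL is mutable, so AH tolerates the change."""
    return pkt[:8] + bytes([pkt[8] - 1]) + pkt[9:]

if __name__ == "__main__":
    key = b"constructed-demo-key"            # constructed sample key, not a real SA key
    pkt = build_ah_transport("10.0.0.5", "10.0.0.9", b"hello", key)
    print("original   :", verify_ah_transport(pkt, key))                                  # True
    print("after TTL-1:", verify_ah_transport(decrement_ttl(pkt), key))                   # True
    print("after NAT  :", verify_ah_transport(nat_rewrite_src(pkt, "203.0.113.7"), key))  # False
```

    ESP in transport mode does not cover the outer IP header, which is why ESP (usually with UDP encapsulation) rather than AH is what survives address translation.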


    The attached document (IPSec Configuration_Solaris_WindowsXP.doc) describes how to set up the IPSec configuration for host-to-host communications.

    This configuration was tested with a TIBCO 4.4.3 server on Solaris and a JMS client on Windows XP.

IPSec Configuration_Solaris_WindowsXP.doc
Old KB# 29559

Last update: 2013-02-15 20:37