Ipsec
Guide to IPsec VPNs
Recommendations of the National Institute of Standards and Technology
Sheila Frankel Karen Kent Ryan Lewkowski Angela D. Orebaugh Ronald W. Ritchey Steven R. Sharma
NIST Special Publication 800-77
Guide to IPsec VPNs Recommendations of the National Institute of Standards and Technology Sheila Frankel Karen Kent Ryan LewkowskiAngela D. Orebaugh Ronald W. Ritchey Steven R. Sharma
C O M P U T E R
S E C U R I T Y
Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-8930 December 2005
U.S. Department of Commerce
Carlos M. Gutierrez, Secretary
Technology Administration
Michelle O'Neill, Acting Under Secretary of Commercefor Technology
National Institute of Standards and Technology
William A. Jeffrey, Director
GUIDE TO IPSEC VPNS
Reports on Computer Systems Technology
The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation’s measurement and standardsinfrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of information technology. ITL’s responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassifiedinformation in Federal computer systems. This Special Publication 800-series reports on ITL’s research, guidance, and outreach efforts in computer security and its collaborative activities with industry, government, and academic organizations.
National Institute of Standards and Technology Special Publication 800-77 Natl. Inst. Stand. Technol. Spec. Publ. 800-77, 126 pages (December 2005)Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended to imply that the entities, materials, or equipment are necessarily the bestavailable for the purpose.
ii
GUIDE TO IPSEC VPNS
Acknowledgements
The authors, Sheila Frankel of the National Institute of Standards and Technology (NIST), and Karen Kent, Ryan Lewkowski, Angela D. Orebaugh, Ronald W. Ritchey, and Steven R. Sharma of Booz Allen Hamilton, wish to thank their colleagues who reviewed drafts of this document, including Bill Burr, Tim Grance, Okhee Kim,Peter Mell, and Murugiah Souppaya from NIST. The authors would also like to express their thanks to Darren Hartman and Mark Zimmerman of ICSA Labs; Paul Hoffman of the VPN Consortium; and representatives from the Department of Energy, the Department of State, the Environmental Protection Agency, and the U.S. Nuclear Regulatory Commission for their particularly valuable comments andsuggestions.
Trademark Information
Microsoft, Windows, Windows 2000, and Windows XP are either registered trademarks or trademarks of Microsoft Corporation in the United States and other countries. PGP is a trademark or registered trademark of PGP Corporation in the United States and other countries. Cisco and Cisco IOS are registered trademarks of Cisco Systems, Inc. in the United States andcertain other countries. Lucent Technologies is a trademark or service mark of Lucent Technologies Inc. All other names are registered trademarks or trademarks of their respective companies.
iii
GUIDE TO IPSEC VPNS
Table of Contents
Executive Summary ............................................................................................................ES-1 1. Introduction...
Regístrate para leer el documento completo.