IPSec on the USG6000 series


Designed by the Internet Engineering Task Force (IETF), IPSec is an open network-layer framework protocol. It is not a single protocol, but a collection of protocols and services that provide security for IP networks.

Other related questions:
IPSec content on the USG6000 series
IPSec includes security protocols such as Authentication Header (AH) and Encapsulating Security Payload (ESP), Internet Key Exchange (IKE), and certain algorithms used for authentication and encryption.

What is IPSec on USG6000 series equipment
IPSec is an open network-layer security framework protocol developed by the Internet Engineering Task Force (IETF). It is not a separate protocol, but a collection of protocols and services that provide security for IP networks.

IPSec security services on the USG6000 series
Security services provided by IPSec include user data encryption, data integrity authentication, data origin authentication, and anti-replay.

Rate limiting for IPSec VPN tunnels of the USG6000 series
On the USG6000 series, rate limiting can be implemented for IPSec VPN tunnels by using two methods.

Method 1: If multiple tunnels are established on the USG, traffic conflicts occur in the case of heavy data traffic. In this case, run speed-limit to limit the traffic in each IPSec tunnel. Excess packets are discarded. This ensures that all packets in each tunnel are transmitted properly.

If the traffic coming through a tunnel to a local port is heavy, run inbound to limit the traffic coming from this IPSec tunnel to the local port. If the traffic forwarded by the local port is heavy, run outbound to limit the traffic forwarded by the local port to the IPSec tunnel.

After a security policy is applied on an interface, you cannot run speed-limit to modify the limited rate in the security policy.

If an IPSec security policy is configured in any of the following modes, you can run speed-limit { inbound | outbound } speed-limit to limit the traffic rate of the IPSec tunnel.
• Manual mode
• Template mode
• Internet Key Exchange (IKE) non-policy template mode

Method 2: After traffic policies are configured, if the actual address before VPN encapsulation or after decapsulation is matched, the traffic rate of the IPSec VPN can be limited. Assume that the actual address before VPN encapsulation is 10.1.1.1. The configuration method is as follows:

[sysname] traffic-policy
[sysname-policy-traffic] rule name 1
[sysname-policy-traffic-rule-1] source-address 10.1.1.1 32
