8
328 Nokia Network Voyager for IPSO 4.0 Reference Guide
Enabling Encryption Accelerator Cards
If you do not intend to use SecureXL, you must manually enable the encryption accelerator card
after you install it. If you enable SecureXL, the encryption accelerator card is automatically
enabled—you do not need to perform any other software task to activate the card.
Note
You cannot enable the card before you install it. The options in Network Voyager for
enabling the card do not appear until it is installed.
To enable the encryption accelerator card when you are using Check Point software to create and
manage VPN tunnels, complete the following procedure.
To enable the card for a Check Point VPN
1. Click IPSec under Security and Access in the tree view.
2. Scroll down the page and click IPSec Advanced Configuration.
3. At Hardware Device Configuration, click On.
4. Click Apply to enable the card.
Monitoring Cryptographic Acceleration
You can also monitor encryption accelerator card interfaces with Network Voyager.
To monitor the encryption accelerator cards, click Cryptographic Accelerator Statistics under
Monitor > Hardware Monitoring in the tree view.
IPSec Tunnels (IPSO Implementation)
Developed by the Internet Engineering Task Force (IETF), IPSec is the industry standard that
ensures the construction of secure virtual private networks (VPNs). A VPN is a private and
secure network implemented on a public and insecure network. Secure VPNs are as safe as
isolated office LANs running entirely over private lines and much more cost effective.
Note
Because the IP2250 appliance requires the use of Check Point’s SecureXL, this platform
does not support IPSO’s implementation of IPsec.
The IPSec protocol suite provides three new protocols for IP:
An authentication header (AH) that provides connectionless integrity and data origin
authentication. The IP header is included in the authenticated data. It does not offer
encryption services.