IPsec VPN指南(Guide to IPsec VPNs NIST SP800-77)

NIST

NIS IPSec VPN Firewall

In addition to providing specific recommendations related to configuring cryptography for IPsec, this guide presents a phased approach to IPsec planning and implementation that can help in achieving successful IPsec deployments. The five phases of the approach are as follows:

1. Identify Needs - Identify the need to protect network communications and determine how that need can best be met.

2. Design the Solution - Make design decisions in four areas: architectural considerations, authentication methods, cryptography policy, and packet filters.

3. Implement and Test a Prototype - Test a prototype of the designed solution in a lab or test environment to identify any potential issues.

4. Deploy the Solution - Gradually deploy IPsec throughout the enterprise.

5. Manage the Solution - Maintain the IPsec components and resolve operational issues; repeat the planning and implementation process when significant changes need to be incorporated into the solution.