Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Providing encryption z/OS Communications Server: SNA Network Implementation Guide SC27-3672-01 |
|
If the IP network is the only unsecured section, you can use IPSec
between the two EE nodes to ensure that the transmitted data is not
modified or viewed along the path.
The most significant difference between IPSec and SLE is that IPSec encrypts part of the UDP header, but SNA session-level encryption does not. See z/OS Communications Server: SNA Resource Definition Reference for specifics about session-level encryption. Tip: The SNA header is encrypted only if IPSec is used.
If you use SNA encryption, use the filtering rule on the EE UDP port to allow traffic to flow without subsequent IPSec encryption. You can also use a combination of SNA encryption and IPSec authentication, where IPSec authentication is designed using filter rules on the same EE UDP port. For more information about IPSec and IP filtering, see z/OS Communications Server: IP Configuration Guide. |
Copyright IBM Corporation 1990, 2014
|