9 peer options, Options list, Local address – Nortel Networks 608(WL) User Manual
Chapter 6
Advanced Features
E-DOC-CTC-20051017-0169 v0.1
6.9 Peer Options
Options list
The peer options alter the behaviour of the VPN network. Options to be applied to
Peer entities are stored in named Option Lists. An Option List contains the following
options:
Local Address
When multiple IP addresses are assigned to the SpeedTouch™, this option can
force a specific address to be used as the IP source address for the messages
transmitted by the peer. This setting has priority over the routing table entries.
Valid values are: all IP addresses assigned to the SpeedTouch™, regardless of the
interface the IP address is assigned to. Normally, only the use of a black IP address
makes sense for this option, since in the general case, the red IP addresses are not
routable in the public Internet.
NAT-Traversal
Currently, the SpeedTouch™ supports the following draft RFCs related to NAT
Traversal: draft-ietf-ipsec-nat-t-ike-00, draft-ietf-ipsec-nat-t-ike-03 and
draft-ietf-ipsec-nat-t-ike-06.
By default, NAT-T is enabled, and the use of NAT-T is negotiated with the remote
peer. In case the remote peer does not support NAT-T, this option disables NAT-T in
the local SpeedTouch™.
| Option | Keyword | Description |
|---|---|---|
| Local Address | local addr | Address used as source address for tunnelled messages. |
| NAT-Traversal | NAT-T | Enables or disables NAT Traversal. |
| Dead Peer Detection | dpd | Enables or disables Dead Peer Detection. |
| DPD Idle Period | dpd_idle_period | Worry period of the Dead Peer Detection protocol. |
| DPD number of Transmits | dpd_xmits | Number of attempts for sending R-U-THERE messages. |
| DPD Timeout | dpd_timeout | Timeout period for R-U-THERE messages. |
| Tunnel inactivity timeout | inactivity | IKE session timeout period. |
| Option | Possible values | Default value |
|---|---|---|
| NAT-T | enabled, disabled | enabled |
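
The NAT-T negotiation described under NAT-Traversal can be illustrated with the following added example, which is not taken from the manual or from SpeedTouch firmware. It assumes the usual IKEv1 convention that a peer advertises each NAT-T version as a Vendor ID equal to the MD5 digest of the draft name, and that the newest draft common to both peers is chosen; the function names and the sample peers are constructed for illustration.

```python
import hashlib

# NAT-T drafts the manual lists as supported, oldest first.
LOCAL_DRAFTS = [
    "draft-ietf-ipsec-nat-t-ike-00",
    "draft-ietf-ipsec-nat-t-ike-03",
    "draft-ietf-ipsec-nat-t-ike-06",
]

def vendor_id(name: str) -> bytes:
    """16-byte IKEv1 Vendor ID body: MD5 of the draft name (assumed convention).
    MD5 serves only as an identifier here, not as a security mechanism."""
    return hashlib.md5(name.encode("ascii")).digest()

def negotiate(local_drafts, peer_vendor_ids, nat_t_enabled=True):
    """Return the newest draft both peers advertise, or None when NAT-T is
    disabled locally or the peers share no draft (preference order assumed)."""
    if not nat_t_enabled:
        return None
    peer = set(peer_vendor_ids)
    common = [d for d in local_drafts if vendor_id(d) in peer]
    return common[-1] if common else None

def report(peer_name, peer_vendor_ids, nat_t_enabled=True):
    """One-line summary to compare against IKE debug output."""
    chosen = negotiate(LOCAL_DRAFTS, peer_vendor_ids, nat_t_enabled)
    local_ids = {vendor_id(d) for d in LOCAL_DRAFTS}
    unknown = [v for v in peer_vendor_ids if v not in local_ids]
    state = f"NAT-T via {chosen}" if chosen else "no NAT-T (plain IKE/ESP)"
    return f"{peer_name}: {state}; {len(unknown)} unrecognised vendor ID(s)"

if __name__ == "__main__":
    # Constructed peers, not captured traffic.
    peers = {
        "peer-a": [vendor_id("draft-ietf-ipsec-nat-t-ike-03"), vendor_id("RFC 3947")],
        "peer-b": [vendor_id("RFC 3947")],  # advertises only a version not listed above
    }
    for name, vids in peers.items():
        print(report(name, vids))
    print(report("peer-a (NAT-T disabled locally)", peers["peer-a"], nat_t_enabled=False))
```

A peer that advertises only a NAT-T version outside the three listed drafts ends up without NAT-T, which is the case to check first when a tunnel fails only when a NAT device sits between the peers.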