Ipsec security descriptor, Exchange mode, Server vendor – Nortel Networks 608(WL) User Manual
Page 56: Chapter 3
Chapter 3
Configuration via Local Pages
E-DOC-CTC-20051017-0169 v0.1
54
IPSec Security
Descriptor
The IPSec Security Descriptor bundles the security parameters used for the Phase 2
Security Association.
A number of IPSec Security Descriptors are pre-configured in the SpeedTouch™,
and can be selected from a list. Select a Security Descriptor in compliance with the
IPSec security parameters configured in the remote VPN server.
For example, the pre-configured IPSec Security Descriptor AES_MD5_TUN, used in
various examples throughout this document, contains the following settings:
Exchange Mode
IKE specifies two modes of operation for the Phase 1 negotiations: main mode and
aggressive mode. Main mode is more secure while aggressive mode is quicker.
Server Vendor
The SpeedTouch™ can interact with VPN servers of various vendors. Because some
vendors implement proprietary features, it is required to select the server vendor.
The vendor specific features are reflected in the parameters required to dial in to the
VPN server. This is explained in more detail below.
Following vendors can be selected:
Parameter
Value for
AES_MD5_TUN
Cryptographic function
AES
Hash function
HMAC-MD5
Use of Perfect Forward Secrecy
no
IPSec SA lifetime in seconds.
86400 seconds (= 24 hours)
IPSec SA volume lifetime in kbytes.
no volume limit
The ESP encapsulation mode
tunnel
The contents of the IPSec Security Descriptors can be verified via
Advanced > Connections > Security Descriptors.
Select ...
when ...
generic
the VPN server is either a SpeedTouch™ or is unknown.
You need to specify your e-mail address for the dial-in
procedure (see
“ Set of Server Vendor specific
Cisco
you connect to a Cisco VPN server. Cisco requires a
Group ID to be specified for the VPN clients (see
Server Vendor specific parameters” on page 58
).
Nortel
you connect to a Nortel VPN server.