beautypg.com

Ipsec security descriptor, Chapter 3 – Nortel Networks 608(WL) User Manual

Page 69

background image

Chapter 3

Configuration via Local Pages

E-DOC-CTC-20051017-0169 v0.1

67

Page layout with

additional Descriptors

When you click Specify Additional Descriptors, the IKE Security Descriptors area of
the page is updated and shows additional fields where you can specify up to four
alternative IKE Security Descriptors:

These will be used as alternative valid proposals in the IKE negotiations.

IPSec Security

Descriptor

The IPSec Security Descriptor bundles the security parameters used for the Phase 2
Security Association.

A number of IPSec Security Descriptors are pre-configured in the SpeedTouch™,
and can be selected from the pull-down menu. Select a Security Descriptor in
function of your security requirements. The remote VPN clients must comply with
the security parameters configured in the VPN server.

In the example shown above, the pre-configured IPSec Security Descriptor, called
DES_MD5_TUN is selected.

This descriptor contains following settings:

Page layout with

additional Descriptors

When you click Specify Additional Descriptors, the IPSEC Security Descriptors area
of the page is updated and shows additional fields where you can specify up to four
alternative IPSec Security Descriptors:

These will be used as alternative valid proposals in the Phase 2 negotiations.

Parameter

Example:

DES_MD5_TUN

Cryptographic function

DES

Hash function

HMAC-MD5

Use of Perfect Forward Secrecy

no

IPSec SA lifetime in seconds.

86400 seconds (= 24 hours)

IPSec SA volume lifetime in kbytes.

no volume limit

The ESP encapsulation mode

tunnel

The contents of the IPSec Security Descriptors can be verified via

Advanced > Connections > Security Descriptors.

This manual is related to the following products: