Ipsec security descriptor, Chapter 3 – Nortel Networks 608(WL) User Manual
Page 69
Chapter 3
Configuration via Local Pages
E-DOC-CTC-20051017-0169 v0.1
67
Page layout with
additional Descriptors
When you click Specify Additional Descriptors, the IKE Security Descriptors area of
the page is updated and shows additional fields where you can specify up to four
alternative IKE Security Descriptors:
These will be used as alternative valid proposals in the IKE negotiations.
IPSec Security
Descriptor
The IPSec Security Descriptor bundles the security parameters used for the Phase 2
Security Association.
A number of IPSec Security Descriptors are pre-configured in the SpeedTouch™,
and can be selected from the pull-down menu. Select a Security Descriptor in
function of your security requirements. The remote VPN clients must comply with
the security parameters configured in the VPN server.
In the example shown above, the pre-configured IPSec Security Descriptor, called
DES_MD5_TUN is selected.
This descriptor contains following settings:
Page layout with
additional Descriptors
When you click Specify Additional Descriptors, the IPSEC Security Descriptors area
of the page is updated and shows additional fields where you can specify up to four
alternative IPSec Security Descriptors:
These will be used as alternative valid proposals in the Phase 2 negotiations.
Parameter
Example:
DES_MD5_TUN
Cryptographic function
DES
Hash function
HMAC-MD5
Use of Perfect Forward Secrecy
no
IPSec SA lifetime in seconds.
86400 seconds (= 24 hours)
IPSec SA volume lifetime in kbytes.
no volume limit
The ESP encapsulation mode
tunnel
The contents of the IPSec Security Descriptors can be verified via
Advanced > Connections > Security Descriptors.