Nortel Networks 620, 608(WL) manual Basic IPSec configuration procedure

Models: 620 608(WL)


Chapter 4

Configuration via the Command Line Interface

4.1 Basic IPSec configuration procedure

Terminology

The SpeedTouch™ uses specific IPSec terms and definitions. The following table relates these terms to the question to be solved when setting up an IPSec connection to a remote network.

What do we want to do?                                                        | How do we configure it in the SpeedTouch™?
------------------------------------------------------------------------------|--------------------------------------------
Define the remote Security Gateway to which we want to set up an IKE session. | Define a Peer.
Set how we will authenticate with this remote Security Gateway.               | Define an Authentication Attribute.
Set what security will be applied to the IKE session.                         | Define a Peer Security Descriptor.
Define the characteristics of the IPSec connection.                           | Define a Connection.
Define which remote private network we want to access.                        | Define a Network Descriptor.
Set what security will be applied to the IPSec connection.                    | Define a Connection Security Descriptor.

Setting up a basic IPSec configuration with the SpeedTouch™ involves the creation of a Peer entity and an IPSec Connection.

A Peer bundles all the parameters related to the IKE Security Association (also called Phase 1 SA). Some Phase 1 parameters are grouped in peer attributes, which are referred to by their symbolic name. Two peer attributes are defined:

- the Authentication Attribute refers to the user authentication parameters required to set up the IKE Security Association;

- the Peer Security Descriptor groups the security parameters of the IKE Security Association.

Valid peer attributes must be created before an operational peer can be created.

A Connection bundles all the parameters related to a bi-directional IPSec connection (consisting of two Phase 2 Security Associations).

The Phase 2 security parameters are bundled in a Connection Security Descriptor.

A Network Descriptor describes the remote private network that is accessible via the IPSec connection.

A valid Connection contains a reference to both descriptors. Therefore some valid descriptors should be present in the SpeedTouch™ prior to the creation of an operational peer.
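The ordering rule above (attributes before the Peer, descriptors before the Connection) can be checked mechanically. The following Python snippet is an added example, not SpeedTouch code: it models the six object types as a dependency graph, rejects missing or dangling references, and returns a creation order that satisfies the rule. The kind labels, role names and sample object names are this example's own placeholders, not CLI keywords.

```python
from dataclasses import dataclass, field

@dataclass
class Entity:
    kind: str   # one of the keys of REQUIRED_REFS
    name: str   # symbolic name by which other objects refer to it
    refs: dict = field(default_factory=dict)  # role -> name of referenced object

# Dependency rules from the page: a Peer needs an Authentication Attribute and a
# Peer Security Descriptor; a Connection needs a Peer, a Network Descriptor and
# a Connection Security Descriptor. Labels are this example's own shorthand.
REQUIRED_REFS = {
    "auth_attribute": {}, "peer_sec_descriptor": {},
    "network_descriptor": {}, "conn_sec_descriptor": {},
    "peer": {"auth": "auth_attribute", "descriptor": "peer_sec_descriptor"},
    "connection": {"peer": "peer", "network": "network_descriptor",
                   "descriptor": "conn_sec_descriptor"},
}

def creation_order(entities):
    """(kind, name) pairs ordered so every attribute/descriptor is created before
    the peer or connection that references it; ValueError on a bad reference."""
    by_key = {(e.kind, e.name): e for e in entities}
    order = []

    def visit(e):
        key = (e.kind, e.name)
        if key in order:
            return
        for role, kind in REQUIRED_REFS[e.kind].items():
            target = e.refs.get(role)
            if target is None:
                raise ValueError(f"{e.kind} {e.name!r}: missing {role} reference")
            if (kind, target) not in by_key:
                raise ValueError(f"{e.kind} {e.name!r}: no {kind} named {target!r}")
            visit(by_key[(kind, target)])  # kind graph is acyclic: no cycle check needed
        order.append(key)

    for e in entities:
        visit(e)
    return order

# Constructed sample (placeholder names, not real settings); the Connection is
# listed first on purpose to show the reordering.
SAMPLE = [
    Entity("connection", "to_branch", {"peer": "branch_gw", "network": "branch_lan", "descriptor": "esp_desc"}),
    Entity("peer", "branch_gw", {"auth": "psk_branch", "descriptor": "ike_desc"}),
    Entity("auth_attribute", "psk_branch"),
    Entity("peer_sec_descriptor", "ike_desc"),
    Entity("network_descriptor", "branch_lan"),
    Entity("conn_sec_descriptor", "esp_desc"),
]
```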

102

E-DOC-CTC-20051017-0169 v0.1
