Nortel Networks 608(WL), 620 manual Security Descriptor

Chapter 2

SpeedTouch™ IPSec terminology

2.2 Security Descriptor

What is ... All security parameters required to establish a secure tunnel are grouped into a string called Security Descriptor or simply descriptor. Two different sets of descriptors are defined:

IKE session descriptors

IPSec descriptors

A Descriptor contains the methods for message authentication, encryption and hashing, and the lifetime of the Security Association. A number of descriptors are pre-configured in the SpeedTouch™. The user can modify these descriptors, or define additional descriptors to fit his requirements.

IKE session Descriptor The IKE descriptor contains the following parameters:

Encryption method

Message integrity method (also called message authentication)

Diffie-Hellman group used for key generation

Lifetime of the Security Association.

IPSec Descriptor The IPSec descriptor contains the following parameters:

Encryption method

Message integrity method (also called message authentication)

Selection to use Perfect Forward Secrecy, or not

Lifetime of the Security Association

Encapsulation method.