Chapter 2

SpeedTouch™ IPSec terminology

2.2 Security Descriptor

What is ... All security parameters required to establish a secure tunnel are grouped into a string called Security Descriptor or simply descriptor. Two different sets of descriptors are defined:

IKE session descriptors

IPSec descriptors

A Descriptor contains the methods for message authentication, encryption and hashing, and the lifetime of the Security Association. A number of descriptors are pre-configured in the SpeedTouch™. The user can modify these descriptors, or define additional descriptors to fit his requirements.

IKE session Descriptor The IKE descriptor contains the following parameters:

Encryption method

Message integrity method (also called message authentication)

Diffie-Hellman group used for key generation

Lifetime of the Security Association.

IPSec Descriptor The IPSec descriptor contains the following parameters:

Encryption method

Message integrity method (also called message authentication)

Selection to use Perfect Forward Secrecy, or not

Lifetime of the Security Association

Encapsulation method.

E-DOC-CTC-20051017-0169 v1.0

17

 

Page 18 Page 20
Page 19
Image 19
Nortel Networks 608(WL), 620 manual Security Descriptor
Page 18 Page 20
Top Page Image Contents