Chapter 3

Configuration via Local Pages

IKE Security Descriptors

The IKE Security Descriptor bundles the security parameters used for the IKE Security Association (Phase 1).

A number of IKE Security Descriptors are pre-configured in the SpeedTouch™, and can be selected from a list. Select a Security Descriptor in compliance with the IKE security parameters configured in the remote Security Gateway.

For example, the pre-configured IKE Security Descriptor AES_MD5, used in various examples throughout this document, contains the following settings:

Parameter                 Value for AES_MD5
------------------------  -----------------------
Cryptographic function    AES
Hash function             HMAC-MD5
Diffie-Hellman group      MODP768 (= group 1)
IKE SA lifetime           3600 seconds (= 1 hour)

The contents of the IKE Security Descriptors can be verified via Advanced > Peers > Security Descriptors.

AES is the recommended encryption method. It is more advanced than DES or 3DES: it is faster for comparable key lengths and provides better security.

Page layout with additional Descriptors

When you click Specify Additional Descriptors, the IKE Security Descriptors area of the page is updated and shows additional fields where you can specify up to four alternative IKE Security Descriptors.

These will be used as alternative valid proposals in the IKE negotiations.
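The following is an added example, not taken from the manual or from SpeedTouch software. It models how a primary descriptor plus alternatives are matched against what the remote Security Gateway accepts, and flags weak parameters in each descriptor. Assumptions: the names IkeDescriptor, ALT_EXAMPLE, WEAK, select_proposal and weak_parameters are hypothetical, matching compares only cipher, hash and Diffie-Hellman group, and the WEAK list reflects the MUST NOT ratings of RFC 8247 rather than anything stated on this page.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class IkeDescriptor:
    name: str
    cipher: str      # cryptographic function
    hash_fn: str     # hash function
    dh_group: int    # Diffie-Hellman group number
    lifetime_s: int  # IKE SA lifetime in seconds

    def transform(self):
        # Simplification: only these three must match; lifetime is not compared.
        return (self.cipher, self.hash_fn, self.dh_group)

# Values from the AES_MD5 table on this page (MODP768 = group 1).
AES_MD5 = IkeDescriptor("AES_MD5", "AES", "HMAC-MD5", 1, 3600)
# Constructed alternative; the name and values are hypothetical.
ALT_EXAMPLE = IkeDescriptor("ALT_EXAMPLE", "AES", "HMAC-SHA1", 2, 3600)

# Audit list added for this example: values RFC 8247 rates MUST NOT for IKEv2.
WEAK = {"cipher": {"DES"}, "hash_fn": {"HMAC-MD5"}, "dh_group": {1}}

MAX_DESCRIPTORS = 5  # one primary plus up to four alternatives

def select_proposal(local, remote):
    """Return the first local descriptor the remote gateway accepts, or None."""
    if not 1 <= len(local) <= MAX_DESCRIPTORS:
        raise ValueError("expected 1 primary and at most 4 alternative descriptors")
    accepted = {r.transform() for r in remote}
    return next((d for d in local if d.transform() in accepted), None)

def weak_parameters(desc):
    """List the parameters of a descriptor that appear in the WEAK audit list."""
    return [f"{field}={getattr(desc, field)}"
            for field, bad in WEAK.items() if getattr(desc, field) in bad]

if __name__ == "__main__":
    local = [AES_MD5, ALT_EXAMPLE]
    remote = [IkeDescriptor("remote-1", "AES", "HMAC-SHA1", 2, 3600)]  # constructed
    chosen = select_proposal(local, remote)
    print("negotiated:", chosen.name if chosen else "no common proposal")
    for d in local:
        print(d.name, "weak:", weak_parameters(d) or "none")
```

Because the first matching descriptor wins, list the strongest descriptor first and keep a weak one only if the remote gateway cannot be reconfigured.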


E-DOC-CTC-20051017-0169 v0.1

 
