Page layout with additional Descriptors

IPSec Security

Descriptor

Page layout with additional Descriptors

Chapter 3

Configuration via Local Pages

When you click Specify Additional Descriptors, the IKE Security Descriptors area of the page is updated and shows additional fields where you can specify up to four alternative IKE Security Descriptors:

These will be used as alternative valid proposals in the IKE negotiations.

The IPSec Security Descriptor bundles the security parameters used for the Phase 2 Security Association.

A number of IPSec Security Descriptors are pre-configured in the SpeedTouch™, and can be selected from the pull-down menu. Select a Security Descriptor in function of your security requirements. The remote VPN clients must comply with the security parameters configured in the VPN server.

In the example shown above, the pre-configured IPSec Security Descriptor, called DES_MD5_TUN is selected.

This descriptor contains following settings:

Parameter

Example: DES_MD5_TUN

 

 

Cryptographic function

DES

 

 

Hash function

HMAC-MD5

 

 

Use of Perfect Forward Secrecy

no

 

 

IPSec SA lifetime in seconds.

86400 seconds (= 24 hours)

 

 

IPSec SA volume lifetime in kbytes.

no volume limit

 

 

The ESP encapsulation mode

tunnel

 

 

The contents of the IPSec Security Descriptors can be verified via

Advanced > Connections > Security Descriptors.

When you click Specify Additional Descriptors, the IPSEC Security Descriptors area of the page is updated and shows additional fields where you can specify up to four alternative IPSec Security Descriptors:

These will be used as alternative valid proposals in the Phase 2 negotiations.

E-DOC-CTC-20051017-0169 v0.1

67

 

Page 68 Page 70
Page 69
Image 69
Nortel Networks 608(WL), 620 manual Layout with additional Descriptors IPSec Security, Example DESMD5TUN
Page 68 Page 70
Top Page Image Contents