Example DESMD5TUN | Nortel Networks 608(WL), 620 guide

Page layout with additional Descriptors

IPSec Security

Descriptor

Page layout with additional Descriptors

Chapter 3

Configuration via Local Pages

When you click Specify Additional Descriptors, the IKE Security Descriptors area of the page is updated and shows additional fields where you can specify up to four alternative IKE Security Descriptors:

These will be used as alternative valid proposals in the IKE negotiations.

The IPSec Security Descriptor bundles the security parameters used for the Phase 2 Security Association.

A number of IPSec Security Descriptors are pre-configured in the SpeedTouch™, and can be selected from the pull-down menu. Select a Security Descriptor in function of your security requirements. The remote VPN clients must comply with the security parameters configured in the VPN server.

In the example shown above, the pre-configured IPSec Security Descriptor, called DES_MD5_TUN is selected.

This descriptor contains following settings:

Parameter	Example: DES_MD5_TUN

Cryptographic function	DES

Hash function	HMAC-MD5

Use of Perfect Forward Secrecy	no

IPSec SA lifetime in seconds.	86400 seconds (= 24 hours)

IPSec SA volume lifetime in kbytes.	no volume limit

The ESP encapsulation mode	tunnel

The contents of the IPSec Security Descriptors can be verified via

Advanced > Connections > Security Descriptors.

When you click Specify Additional Descriptors, the IPSEC Security Descriptors area of the page is updated and shows additional fields where you can specify up to four alternative IPSec Security Descriptors:

These will be used as alternative valid proposals in the Phase 2 negotiations.

E-DOC-CTC-20051017-0169 v0.1	67

Nortel Networks 608(WL), 620 Layout with additional Descriptors IPSec Security, Example DESMD5TUN

Models: 620 608(WL)

Page layout with additional Descriptors

IPSec Security

Chapter 3

Parameter

Example: DES_MD5_TUN