Chapter 3

Configuration via Local Pages

Miscellaneous

Comprises the following settings:

IKE Exchange Mode:

IKE specifies two modes of operation for the Phase 1 negotiations: main mode and aggressive mode. Main mode is more secure, while aggressive mode is quicker.

Primary Untrusted Physical Interface:

This field shows a list of your SpeedTouch™ interfaces. Select the preferred Primary Untrusted Physical Interface. This interface is used as the primary carrier for your VPN connection. In general, the primary untrusted interface is your DSL connection to the public Internet.

In the SpeedTouch™, the routing engine determines which interface is used for the VPN connection (in most cases, your DSL connection to the Internet). So why is it relevant to select a physical interface?

The VPN server handles incoming VPN connections only. For these connections, where your SpeedTouch™ is the responder in the IKE negotiations, the interface is part of the matching process for accepting the connection. Using the default setting (any) has the effect of removing this matching criterion. For a VPN server configuration, this is the most convenient setting. If you select a specific interface as Primary Untrusted Physical Interface, then a new incoming VPN connection on a backup interface is not accepted.

The SpeedTouch™ VPN server has no mechanism for re-routing active VPN connections to a backup physical interface. Even if your SpeedTouch™ is equipped with an ISDN backup interface, all active VPN connections are lost when the primary interface of the VPN server fails. The overall network topology determines whether a VPN client is capable of reaching the backup interface of the SpeedTouch™ VPN server. It is the responsibility of the VPN client to set up a new VPN connection.

Inactivity Timeout:

When no traffic is detected at the peer for a certain period, the tunnel is considered to be no longer in use and the IKE session is terminated. All IPSec connections supported by the IKE session are terminated as well.

This option sets the value of the inactivity timer.

Inactivity Timeout (seconds), default value: 3600
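The following Python model is an added example, not SpeedTouch™ code and not part of the original manual. It shows the responder-side interface matching, the loss of active sessions when an interface fails, and the inactivity timeout described above. The class and method names, the interface names (dsl, isdn_backup) and the peer addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

DEFAULT_INACTIVITY_TIMEOUT = 3600  # seconds; default value stated in this manual

@dataclass
class IkeSession:
    interface: str                      # interface the negotiation arrived on
    last_traffic: float                 # time traffic was last seen (seconds)
    ipsec_connections: list = field(default_factory=list)

class VpnResponder:
    """Illustrative model only; names are assumptions, not SpeedTouch APIs."""

    def __init__(self, primary_untrusted="any", timeout=DEFAULT_INACTIVITY_TIMEOUT):
        self.primary_untrusted = primary_untrusted
        self.timeout = timeout
        self.sessions = {}              # peer address -> IkeSession

    def accept(self, peer, interface, now):
        # The arrival interface is a matching criterion; "any" removes it.
        if self.primary_untrusted not in ("any", interface):
            return False
        self.sessions[peer] = IkeSession(interface, now)
        return True

    def traffic(self, peer, now):
        self.sessions[peer].last_traffic = now   # any traffic resets the timer

    def expire(self, now):
        # Idle IKE sessions end, together with every IPSec connection they carry.
        idle = [p for p, s in self.sessions.items() if now - s.last_traffic >= self.timeout]
        return {p: self.sessions.pop(p).ipsec_connections for p in idle}

    def interface_down(self, interface):
        # No re-routing of active connections: sessions on a failed interface are lost.
        lost = [p for p, s in self.sessions.items() if s.interface == interface]
        for p in lost:
            del self.sessions[p]
        return lost

if __name__ == "__main__":
    server = VpnResponder(primary_untrusted="dsl")              # constructed names
    print(server.accept("198.51.100.7", "dsl", now=0))          # matches
    print(server.accept("198.51.100.8", "isdn_backup", now=0))  # rejected
    server.sessions["198.51.100.7"].ipsec_connections.append("lan-to-lan")
    print(server.expire(now=3600))                              # idle for the full timeout
```

With the default setting (any), the same client arriving on isdn_backup is accepted, but only as a new connection that the client itself sets up.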

 

 


E-DOC-CTC-20051017-0169 v0.1

 
