Nortel Networks 620 User Manual
Chapter 6
Advanced Features
E-DOC-CTC-20051017-0169 v0.1
Example IPSec connection, applying the default peer concept
SpeedTouch™ [1] IPSec peer configuration:
The parameter localid can remain either unset, or an identifier type can be used that
is independent of the IP address, such as the userfqdn.
[ipsec peer]=>add
name = rempeer2
:ipsec peer add name=rempeer2
[ipsec peer]=>modify
name = rempeer2
[remoteaddr] = 40.0.0.2
[backupaddr] =
[exchmode] = main
[localid] =
[remoteid] = (addr)40.0.0.2
[phyif] = DIALUP_PPPOE
[descr] = AES_MD5
[auth] = secret1
[client/server] =
[options] =
:ipsec peer modify name=rempeer2 remoteaddr=40.0.0.2 remoteid=(addr)40.
0.0.2
[ipsec peer]=>
SpeedTouch™ [2] IPSec peer configuration:
The parameter remoteid remains unset. Any value will be accepted during the
Phase 1 negotiation.
[ipsec peer]=>add
name = rempeer1
:ipsec peer add name=rempeer1
[ipsec peer]=>modify
name = rempeer1
[remoteaddr] = 0.0.0.0
[backupaddr] =
[exchmode] = main
[localid] = (addr)40.0.0.2
[remoteid] =
[phyif] = DIALUP_PPPOE
[descr] = 3DES_MD5
[auth] = secret1
[client/server] =
[options] =
:ipsec peer modify name=rempeer1 remoteaddr=0.0.0.0 exchmode=main phyif
=DIALUP_PPPOE descr=3DES_MD5 auth=secret1
[ipsec peer]=>
When configured with a default peer, the SpeedTouch™ [2] will never be
able to initiate outgoing connections as it does not know any IP address of a
remote peer. It can operate in responder mode only.
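An added example, not taken from the manual: a Python check that reads `:ipsec peer modify` command echoes like the ones above and flags default peers (remoteaddr=0.0.0.0) and peers whose remoteid is unset. It assumes each peer was freshly added, so a parameter missing from the command is unset; the function names and finding labels are hypothetical.

```python
import re

# Constructed sample: the two command echoes from this page, line wraps kept.
SAMPLE = """\
:ipsec peer modify name=rempeer2 remoteaddr=40.0.0.2 remoteid=(addr)40.
0.0.2
[ipsec peer]=>
:ipsec peer modify name=rempeer1 remoteaddr=0.0.0.0 exchmode=main phyif
=DIALUP_PPPOE descr=3DES_MD5 auth=secret1
[ipsec peer]=>
"""

# Hypothetical finding labels, worded after the statements on this page.
FINDINGS = {
    "DEFAULT_PEER": "remoteaddr=0.0.0.0: responder only, cannot initiate",
    "REMOTEID_UNCHECKED": "remoteid unset: any value is accepted in Phase 1",
}

def join_wrapped(text):
    """Rebuild full commands from echoes the terminal wrapped mid-token."""
    commands, in_command = [], False
    for line in text.splitlines():
        if line.startswith(":"):
            commands.append(line)
            in_command = True
        elif in_command and line and not line.startswith("[") and " = " not in line:
            commands[-1] += line          # continuation of the wrapped echo
        else:
            in_command = False            # prompt or interactive field line
    return commands

def audit(text):
    """Return {peer name: [finding labels]} for ':ipsec peer modify' echoes."""
    peers = {}
    for cmd in join_wrapped(text):
        if not cmd.startswith(":ipsec peer modify"):
            continue
        params = dict(re.findall(r"(\w+)=(\S*)", cmd))
        peers.setdefault(params.pop("name", "?"), {}).update(params)
    report = {}
    for name, p in peers.items():
        # Assumption: a parameter missing from the command is unset on the device.
        labels = []
        if p.get("remoteaddr") == "0.0.0.0":
            labels.append("DEFAULT_PEER")
        if not p.get("remoteid"):
            labels.append("REMOTEID_UNCHECKED")
        report[name] = labels
    return report

if __name__ == "__main__":
    for name, labels in audit(SAMPLE).items():
        print(name, "->", [FINDINGS[l] for l in labels] or "no findings")
```

A peer flagged with both labels accepts Phase 1 negotiations from any address and any presented identity, so it is worth confirming that this is intended before deployment.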