Nortel Networks 620 User Manual

Chapter 3
Configuration via Local Pages
E-DOC-CTC-20051017-0169 v0.1
Server IP Address or FQDN
Fill out the publicly known network location of the remote Gateway. You can specify
the public IP address, if it is invariable and known. More often, the publicly known
FQDN (such as vpn.corporate.com) will be used.

Note: When you specify an IP address, the SpeedTouch™ expects the VPN server
to use an IP address as identifier during the IKE negotiations. When an
FQDN is specified, the SpeedTouch™ expects the VPN server to use an
FQDN as well. If you encounter problems during the IKE negotiations, a
possible cause may be that different identity types are used by client and
server. You can check this via the VPN > Debug > Logging page.

Backup Server IP Address or FQDN
This field can optionally be filled out in a configuration with a backup VPN server. If
no backup VPN server is available, leave this field empty.

IKE Security Descriptor
The IKE Security Descriptor bundles the security parameters used for the IKE
Security Association (Phase 1).
A number of IKE Security Descriptors are pre-configured in the SpeedTouch™, and
can be selected from a list. Select a Security Descriptor in compliance with the IKE
security parameters configured in the remote VPN server.
For example, the pre-configured IKE Security Descriptor AES_MD5, used in various
examples throughout this document, contains the following settings:

| Parameter                  | Value for AES_MD5       |
|----------------------------|-------------------------|
| Cryptographic function     | AES                     |
| Hash function              | HMAC-MD5                |
| Diffie-Hellman group       | MODP768 (= group 1)     |
| IKE SA lifetime in seconds | 3600 seconds (= 1 hour) |

The contents of the IKE Security Descriptors can be verified via 
Advanced > Peers > Security Descriptors.
It is recommended to use AES as the preferred encryption method. AES is more
advanced than DES or 3DES: it is faster for comparable key lengths and
provides better security.
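
The two consistency rules on this page (the identity type follows from what is entered in the Server field, and the IKE Security Descriptor must match the remote VPN server) can be checked offline before troubleshooting in the logs. The following is an added example, not SpeedTouch™ code: the function names, dictionary keys and the remote settings are assumptions, and the weak-algorithm list is an assumption taken from what RFC 8247 deprecates for IKEv2.

```python
import ipaddress

# AES_MD5 values as listed in the manual's table.
AES_MD5 = {"encryption": "AES", "hash": "HMAC-MD5", "dh_group": 1, "lifetime_s": 3600}

# Assumption: flag what RFC 8247 deprecates (MUST NOT / SHOULD NOT) for IKEv2.
WEAK = {"encryption": {"DES"}, "hash": {"HMAC-MD5"}, "dh_group": {1, 2}}


def expected_id_type(server_field):
    """Identity type the client expects, derived from the Server field."""
    try:
        ipaddress.ip_address(server_field.strip())
        return "IP"
    except ValueError:
        return "FQDN"


def check_peer(server_field, server_id_type, local, remote):
    """Return (severity, message) findings for one client/server pairing."""
    findings = []
    want = expected_id_type(server_field)
    if want != server_id_type:
        findings.append(("error", f"identity type: client expects {want}, "
                                  f"server uses {server_id_type}"))
    for key in ("encryption", "hash", "dh_group"):
        if local[key] != remote[key]:
            findings.append(("error", f"{key}: local {local[key]} != remote {remote[key]}"))
    if local["lifetime_s"] != remote["lifetime_s"]:
        findings.append(("info", f"lifetime_s: local {local['lifetime_s']} != "
                                 f"remote {remote['lifetime_s']}"))
    for key, weak_values in WEAK.items():
        if local[key] in weak_values:
            findings.append(("warn", f"weak {key}: {local[key]}"))
    return findings


if __name__ == "__main__":
    # Constructed sample: server configured with an IP identity and DH group 2.
    remote = {**AES_MD5, "dh_group": 2, "lifetime_s": 28800}
    for severity, message in check_peer("vpn.corporate.com", "IP", AES_MD5, remote):
        print(f"{severity:5} {message}")
```
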