Nortel Networks 620 User Manual

Chapter 3
Configuration via Local Pages
E-DOC-CTC-20051017-0169 v0.1
Miscellaneous
Comprises the following settings:
IKE Exchange Mode:
IKE specifies two modes of operation for the Phase 1 negotiations: main mode 
and aggressive mode. Main mode is more secure while aggressive mode is 
quicker.
Primary Untrusted Physical Interface:
This field shows a list of your SpeedTouch™ interfaces. You select the 
preferred Primary Untrusted Physical Interface. This interface is used as the 
primary carrier for your VPN connection. In general, the primary untrusted 
interface is your DSL connection to the public Internet.
In the SpeedTouch™, the routing engine determines which interface is used for 
the VPN connection (your DSL connection to the Internet in most cases). So 
what is the relevance of selecting a physical interface?
The VPN server handles incoming VPN connections only. For this kind of 
connection, where your SpeedTouch™ is the responder in the IKE 
negotiations, the interface is part of the matching process for accepting the 
connection. Using the default setting (any) has the effect of removing this 
matching criterion. For a VPN server configuration, this is the most convenient 
setting. If you select a specific interface as Primary Untrusted Physical 
Interface, then a new incoming VPN connection on a backup interface is not 
accepted.
The SpeedTouch™ VPN server has no mechanism for re-routing active VPN 
connections to a backup physical interface. Even if your SpeedTouch™ is 
equipped with an ISDN backup interface, all active VPN connections are lost 
when the primary interface of the VPN server fails. The overall network 
topology determines whether a VPN client is capable of reaching the backup 
interface of the SpeedTouch™ VPN server. It is the responsibility of the VPN 
client to set up a new VPN connection.
Inactivity Timeout:
When no traffic is detected at the peer for a certain period, it is decided that the 
tunnel is not used any more, and the IKE session is terminated. All IPSec 
connections supported by the IKE session are terminated as well.
This option sets the value of the inactivity timer.
Inactivity Timeout default value: 3600 seconds
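The following Python sketch is an added example, not code from the manual or the device. It models the responder behaviour described under Primary Untrusted Physical Interface and Inactivity Timeout, to show what happens to a client that retries over a backup link after the primary interface fails. The interface names "dsl" and "isdn", the peer name "client-a", the class and function names, and the choice to expire a session when the idle time reaches the timer value are all assumptions.

```python
from dataclasses import dataclass

ANY = "any"  # the manual's default for Primary Untrusted Physical Interface

@dataclass
class IkeSession:
    interface: str       # interface the negotiation arrived on
    last_traffic: float  # seconds; time traffic was last seen from the peer

class ResponderModel:
    """Simplified model of the responder behaviour; not device firmware."""

    def __init__(self, primary_untrusted=ANY, inactivity_timeout=3600):
        self.primary_untrusted = primary_untrusted
        self.inactivity_timeout = inactivity_timeout
        self.sessions = {}  # peer name -> IkeSession

    def incoming(self, peer, interface, now):
        # "any" removes the interface from the matching process.
        if self.primary_untrusted not in (ANY, interface):
            return False
        self.sessions[peer] = IkeSession(interface, now)
        return True

    def traffic(self, peer, now):
        if peer in self.sessions:
            self.sessions[peer].last_traffic = now

    def expire_idle(self, now):
        # Ending the IKE session also ends the IPSec connections it supports.
        idle = [p for p, s in self.sessions.items()
                if now - s.last_traffic >= self.inactivity_timeout]
        for p in idle:
            del self.sessions[p]
        return idle

    def interface_down(self, interface):
        # No re-routing: sessions carried by the failed interface are lost.
        lost = [p for p, s in self.sessions.items() if s.interface == interface]
        for p in lost:
            del self.sessions[p]
        return lost

def failover_outcome(primary_setting):
    """Constructed scenario: DSL fails, client retries over the backup link."""
    server = ResponderModel(primary_untrusted=primary_setting)
    server.incoming("client-a", "dsl", now=0)
    lost = server.interface_down("dsl")
    return lost, server.incoming("client-a", "isdn", now=60)

if __name__ == "__main__":
    for setting in (ANY, "dsl"):
        print(setting, failover_outcome(setting))
```

With the setting left at any, the client's new connection over the backup interface is accepted; with a specific interface selected, the active session is still lost and the retry is refused.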