Nortel Networks 608(WL) User Manual

Chapter 3
Configuration via Local Pages
E-DOC-CTC-20051017-0169 v0.1
Port

If the tcp or udp protocol is selected for the protocol parameter, access to the IPSec connection can be further restricted to a single port. Many well-known port numbers can be selected from the pull-down menu.

Separate fields are provided for the local and remote ports. Typically, identical values are selected for both fields. In almost all cases, the value any is the most appropriate choice.

If you want to restrict the ports on your secure VPN link, and you need multiple ports, then you define a new connection for every individual port. Separate IPSec tunnels will be established for each port.

IPSec Security Descriptors

The IPSec Security Descriptor bundles the security parameters used for the Phase 2 Security Association.

A number of IPSec Security Descriptors are pre-configured in the SpeedTouch™, and can be selected from a list. Select a Security Descriptor in compliance with the IPSec security parameters configured in the remote Gateway.

For example, the pre-configured IPSec Security Descriptor AES_MD5_TUN, used in various examples throughout this document, contains the following settings:

| Parameter | Value for AES_MD5_TUN |
|---|---|
| Cryptographic function | AES |
| Hash function | HMAC-MD5 |
| Use of Perfect Forward Secrecy | no |
| IPSec SA lifetime in seconds | 86400 seconds (= 24 hours) |
| IPSec SA volume lifetime in kbytes | no volume limit |
| The ESP encapsulation mode | tunnel |

The contents of the IPSec Security Descriptors can be verified via the Advanced menu. Select Connections, and subsequently Security Descriptors.

Page layout with additional Descriptors

When you click Specify Additional Descriptors, the IPSEC Security Descriptors area of the page is updated and shows additional fields where you can specify up to four alternative IPSec Security Descriptors. These will be used as alternative valid proposals in the Phase 2 negotiations.
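The sketch below is an added example, not code from the manual or the SpeedTouch™ firmware. It models how a primary descriptor and its alternatives act as an ordered Phase 2 proposal list against a remote gateway, and audits a descriptor's settings. The matching rule, the lifetime threshold and the `EXAMPLE_*` descriptors are assumptions made for illustration; only the AES_MD5_TUN values come from the table above.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Descriptor:
    name: str
    cipher: str
    hash_fn: str
    pfs: bool
    lifetime_s: int
    volume_kb: Optional[int]  # None means no volume limit
    mode: str

# Values copied from the AES_MD5_TUN table on this page.
AES_MD5_TUN = Descriptor("AES_MD5_TUN", "AES", "HMAC-MD5", False, 86400, None, "tunnel")
# Constructed descriptors for illustration; these names are not from the manual.
EXAMPLE_ALT = Descriptor("EXAMPLE_AES_SHA1_PFS_TUN", "AES", "HMAC-SHA1", True, 3600, None, "tunnel")
EXAMPLE_REMOTE = Descriptor("EXAMPLE_REMOTE", "AES", "HMAC-SHA1", True, 28800, None, "tunnel")

MAX_PROPOSALS = 5               # one descriptor plus up to four alternatives
ASSUMED_MAX_LIFETIME_S = 28800  # assumed site policy, not a value from the manual

def compatible(a, b):
    # Simplified assumption: cipher, hash, PFS and mode must be identical.
    return (a.cipher, a.hash_fn, a.pfs, a.mode) == (b.cipher, b.hash_fn, b.pfs, b.mode)

def select_proposal(local, remote):
    # Return the first local descriptor, in configured order, that the remote accepts.
    if len(local) > MAX_PROPOSALS:
        raise ValueError("at most one descriptor plus four alternatives")
    for mine in local:
        if any(compatible(mine, theirs) for theirs in remote):
            return mine
    return None  # no common proposal: Phase 2 cannot complete

def audit(d):
    findings = []
    if d.hash_fn == "HMAC-MD5":
        findings.append("hash: HMAC-MD5 is a legacy integrity algorithm")
    if not d.pfs:
        findings.append("pfs: disabled, Phase 2 keys depend on Phase 1 key material")
    if d.lifetime_s > ASSUMED_MAX_LIFETIME_S and d.volume_kb is None:
        findings.append("lifetime: long time limit with no volume limit")
    return findings

if __name__ == "__main__":
    chosen = select_proposal([AES_MD5_TUN, EXAMPLE_ALT], [EXAMPLE_REMOTE])
    print("selected:", chosen.name if chosen else None)
    print("AES_MD5_TUN findings:", audit(AES_MD5_TUN))
```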