Nortel Networks 608(WL) ユーザーズマニュアル
Chapter 4
Configuration via the Command Line Interface
E-DOC-CTC-20051017-0169 v0.1
128
4.5.1 Connection Security Descriptor parameters
Parameters table
The following table summarizes the parameters comprised in the connection
security descriptor. The table also indicates the keyword used in the CLI for each
parameter:
security descriptor. The table also indicates the keyword used in the CLI for each
parameter:
Example:
A Connection Security Descriptor is a text string, comprising the parameters
described in the table above. An example is shown here:
described in the table above. An example is shown here:
Connection Descriptor
name [name]
This name is used internally to identify the Connection Descriptor.
Parameter
Keyword
Description
Connection Descriptor
name
name
name
Symbolic name to identify the
Descriptor.
Descriptor.
Cryptographic function
crypto
Cryptographic function to be used
for the IPSec Security Association.
for the IPSec Security Association.
Key length
keylen
Length of the cryptographic key
for the AES encryption algorithm.
for the AES encryption algorithm.
Hash function
integrity
Hashing function used for
message authentication.
message authentication.
Perfect Forward Secrecy
pfs
Selects the use of Perfect Forward
Secrecy.
Secrecy.
IPSec SA lifetime
lifetime_secs
The lifetime of the IPSec Security
Association. At expiration of this
period re-keying occurs.
Association. At expiration of this
period re-keying occurs.
IPSec SA volume
lifetime
lifetime
lifetime_kbytes
The maximum data volume
transported before re-keying
occurs.
transported before re-keying
occurs.
Encapsulation
encaps
Selects the ESP encapsulation
mode.
mode.
AES(128)
TUNNEL MODE
Lifetime 86400s
HMAC-SHA1
Cryptographic function
(key length)
Hash function
IPsec SA lifetime
Encapsulation
mode