Nortel 4134 User Guide
Configuring IPsec for site-to-site VPN
4  To specify the IP stream on which to apply IPsec, enter:

    match address <source-start-ip> <source-mask> <dest-start-ip> <dest-mask> [source-end-ip <A.B.C.D>] [dest-end-ip <A.B.C.D>] [protocol <protocol>] [sport <0-65535>] [dport <0-65535>]
—End—
Table 56
Variable definitions

| Variable | Value |
| --- | --- |
| `<source-start-ip> <source-mask>` | Source IP address and subnet mask of the IP stream that is to be protected by the IPsec policy. If you are defining a range of addresses, this represents the start address in the range. |
| `<dest-start-ip> <dest-mask>` | Destination IP address and subnet mask of the IP stream that is to be protected by the IPsec policy. If you are defining a range of addresses, this represents the start address in the range. |
| `[source-end-ip <A.B.C.D>]` | If you are defining a range of addresses for the source IP, this parameter specifies the end address in the range. |
| `[dest-end-ip <A.B.C.D>]` | If you are defining a range of addresses for the destination IP, this parameter specifies the end address in the range. |
| `[protocol <protocol>]` | Specifies a protocol for the IP stream to be protected. Valid values are: udp (UDP protocol), tcp (TCP protocol), icmp (ICMP protocol), gre (GRE protocol), any (all the protocols). |
| `[sport <0-65535>]` | Specifies a source port value for the IP stream to be protected. |
| `[dport <0-65535>]` | Specifies a destination port value for the IP stream to be protected. |
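An added example, not from the Nortel guide: a small Python checker that parses a match address line in the syntax of step 4 and Table 56 and reports whether a given flow falls inside the selector, which helps confirm before deployment which traffic the IPsec policy will actually protect. It assumes that an end address turns that side into the range start..end (the mask is then ignored) and that an omitted protocol, sport or dport places no restriction; the function names and sample addresses are constructed for the illustration.

```python
import ipaddress

PROTOCOLS = {"udp", "tcp", "icmp", "gre", "any"}   # values listed in Table 56

def _span(start, mask, end):
    """Inclusive (low, high) integer bounds of one side of the selector."""
    first = ipaddress.IPv4Address(start)
    if end is not None:                      # assumed: explicit range start..end
        last = ipaddress.IPv4Address(end)
        if last < first:
            raise ValueError(f"end address {end} is below start address {start}")
        return int(first), int(last)
    net = ipaddress.IPv4Network(f"{start}/{mask}", strict=False)
    return int(net.network_address), int(net.broadcast_address)

def parse_match_address(line):
    """Validate a 'match address' line and return a selector dict."""
    tok = line.split()
    if tok[:2] != ["match", "address"] or len(tok) < 6 or len(tok) % 2:
        raise ValueError("expected: match address <src> <mask> <dst> <mask> [option value]...")
    opts = dict(zip(tok[6::2], tok[7::2]))
    unknown = set(opts) - {"source-end-ip", "dest-end-ip", "protocol", "sport", "dport"}
    if unknown:
        raise ValueError(f"unknown option(s): {sorted(unknown)}")
    sel = {"src": _span(tok[2], tok[3], opts.get("source-end-ip")),
           "dst": _span(tok[4], tok[5], opts.get("dest-end-ip")),
           "protocol": opts.get("protocol", "any")}   # assumed default when omitted
    if sel["protocol"] not in PROTOCOLS:
        raise ValueError(f"invalid protocol {sel['protocol']!r}")
    for key in ("sport", "dport"):
        sel[key] = int(opts[key]) if key in opts else None
        if sel[key] is not None and not 0 <= sel[key] <= 65535:
            raise ValueError(f"{key} out of range 0-65535")
    return sel

def is_protected(sel, src, dst, proto, sport=None, dport=None):
    """True if the flow falls inside the selector, i.e. would be handed to IPsec."""
    s, d = int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(dst))
    return (sel["src"][0] <= s <= sel["src"][1]
            and sel["dst"][0] <= d <= sel["dst"][1]
            and sel["protocol"] in ("any", proto)
            and sel["sport"] in (None, sport)
            and sel["dport"] in (None, dport))

# Constructed sample selectors (addresses are made up for the example)
NARROW = parse_match_address(
    "match address 10.1.1.0 255.255.255.0 192.168.2.10 255.255.255.255 "
    "dest-end-ip 192.168.2.20 protocol tcp dport 443")
BROAD = parse_match_address("match address 10.1.1.0 255.255.255.0 192.168.2.0 255.255.255.0")
```

Flows for which is_protected returns False are outside this selector, so they are not covered by the policy line being checked.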
Configuring DH prime modulus group for PFS
Configure the Diffie-Hellman prime modulus group for Perfect Forward Secrecy (PFS).
Nortel Secure Router 4134
Security — Configuration and Management
NN47263-600
01.02
Standard
10.0
3 August 2007
Copyright © 2007, Nortel Networks.