Nortel 4134 사용자 가이드
Configuring remote access IPsec policies
153
Variable
Value
[dest-netmask
<A.B.C.D>]
<A.B.C.D>]
Subnet mask.
[dest-end-ip <A.B.C.D>]
destination IP address (end address if range is
applicable) in the IP stream to be applied IPsec
applicable) in the IP stream to be applied IPsec
[protocol <protocol>]
udp udp protocol
tcp tcp protocol
icmp icmp protocol
any all the protocols
tcp tcp protocol
icmp icmp protocol
any all the protocols
[sport <0-65535>]
Source port value.
[dport <0-65535>]
Destination port value.
Configuring DH prime modulus group for PFS
Configure the Diffie-Hellman prime modulus group for Perfect Forward
Secrecy (PFS). This specifies the strength of the PFS group which the
IPsec (phase 2) policy uses.
Secrecy (PFS). This specifies the strength of the PFS group which the
IPsec (phase 2) policy uses.
Procedure steps
Step
Action
1
To enter the configuration mode, enter:
configure terminal
2
To specify crypto configuration for IPsec and IKE, enter:
crypto
3
To specify configuration of dynamic IKE policies for remote access,
enter:
enter:
dynamic
4
To specify the remote access IPsec policy to configure, enter:
ipsec policy <name> {modecfg-group | l2tp-group}
5
To configure the PFS group, enter:
pfs-group {group1 | group2 | group5}
—End—
Nortel Secure Router 4134
Security — Configuration and Management
NN47263-600
01.02
Standard
10.0
3 August 2007
Copyright © 2007, Nortel Networks
.