Nortel 4134 Guia Do Utilizador

Configuring IPsec for site-to-site VPN

131

To specify the IP stream on which to apply IPsec, enter:

match address

<source-start-ip> <source-mask>

<dest-start-ip> <dest-mask>

[source-end-ip <A.B.C.D>]

[dest-end-ip <A.B.C.D>]

[protocol <protocol>]

[sport <0-65535>]

[dport <0-65535>]

—End—

Table 56
Variable definitions

Variable

Value

<source-start-ip>
<source-mask>

Source IP address and subnet mask of the IP stream
that is to be protected by the IPsec policy. If you are
defining a range of addresses, this represents the
start address in the range.

<dest-start-ip>
<dest-mask>

Destination IP address and subnet mask of the
IP stream that is to be protected by the IPsec
policy. If you are defining a range of addresses, this
represents the start address in the range.

[source-end-ip
<A.B.C.D>]

If you are defining a range of addresses for the
source IP, this parameter specifies the end address
in the range.

[dest-end-ip
<A.B.C.D>]

If you are defining a range of addresses for the
destination IP, this parameter specifies the end
address in the range.

[protocol <protocol>]

Specifies a protocol for the IP stream to be protected.
Valid values are:
udp UDP protocol
tcp TCP protocol
icmp ICMP protocol
gre GRE protocol
any all the protocols

[sport <0-65535>]

Specifies a source port value for the IP stream to
be protected.

[dport <0-65535>]

Specifies a destination port value for the IP stream
to be protected.

Configuring DH prime modulus group for PFS

Configure the Diffie-Hellman prime modulus group for Perfect Forward
Secrecy (PFS).

Nortel Secure Router 4134

Security — Configuration and Management

NN47263-600

01.02

Standard

10.0

3 August 2007