Справочник Пользователя для Nortel Networks 608(WL)
Chapter 4
Configuration via the Command Line Interface
E-DOC-CTC-20051017-0169 v0.1
102
4.1 Basic IPSec configuration procedure
Terminology
The SpeedTouch™ uses specific IPSec terms and definitions. The following table
relates these terms to the question to be solved when setting up an IPSec
connection to a remote network
relates these terms to the question to be solved when setting up an IPSec
connection to a remote network
Setting up a basic IPSec configuration with the SpeedTouch™ involves the creation
of a Peer entity and an IPSec Connection.
of a Peer entity and an IPSec Connection.
A Peer bundles all the parameters related to the IKE Security Association (also
called Phase 1 SA). Some Phase 1 parameters are grouped in peer attributes, which
are referred to by their symbolic name. Two peer attributes are defined:
called Phase 1 SA). Some Phase 1 parameters are grouped in peer attributes, which
are referred to by their symbolic name. Two peer attributes are defined:
the Authentication Attribute refers to the user authentication parameters
required to set up the IKE Security Association
required to set up the IKE Security Association
the Peer Security Descriptor groups the security parameters of the IKE
Security Association.
Security Association.
It is required to create some valid peer attributes prior to the creation of an
operational peer.
operational peer.
A Connection bundles all the parameters related to a bi-directional IPSec
connection (consisting of two Phase 2 Security Associations).
connection (consisting of two Phase 2 Security Associations).
The Phase 2 security parameters are bundled in a Connection Security
Descriptor.
Descriptor.
A Network Descriptor describes the remote private network that is accessible
via the IPSec connection.
via the IPSec connection.
A valid Connection contains a reference to both descriptors. Therefore some valid
descriptors should be present in the SpeedTouch™ prior to the creation of an
operational peer.
descriptors should be present in the SpeedTouch™ prior to the creation of an
operational peer.
What do we want to do?
How do we configure it in the
SpeedTouch™?
SpeedTouch™?
Define the remote Security Gateway to
which we want to set up an IKE
session.
which we want to set up an IKE
session.
Define a Peer.
Set how we will authenticate with this
remote Security Gateway.
remote Security Gateway.
Define an Authentication Attribute.
Set what security will be applied to the
IKE session.
IKE session.
Define a Peer Security Descriptor.
Define the characteristics of the IPSec
connection.
connection.
Define a Connection.
Define which remote private network
we want to access.
we want to access.
Define a Network Descriptor.
Set what security will be applied to the
IPSec connection.
IPSec connection.
Define a Connection Security
Descriptor.
Descriptor.