Справочник Пользователя для Nortel Networks 608(WL)
Chapter 3
Configuration via Local Pages
E-DOC-CTC-20051017-0169 v0.1
30
IKE Security
Descriptors
The IKE Security Descriptor bundles the security parameters used for the IKE
Security Association (Phase1).
Security Association (Phase1).
A number of IKE Security Descriptors are pre-configured in the SpeedTouch™, and
can be selected from a list. Select a Security Descriptor in compliance with the IKE
security parameters configured in the remote Security Gateway.
can be selected from a list. Select a Security Descriptor in compliance with the IKE
security parameters configured in the remote Security Gateway.
For example, the pre-configured IKE Security Descriptor AES_MD5, used in various
examples throughout this document, contains the following settings:
examples throughout this document, contains the following settings:
Page layout with
additional Descriptors
When you click Specify Additional Descriptors, the IKE Security Descriptors area of
the page is updated and shows additional fields where you can specify up to four
alternative IKE Security Descriptors:
the page is updated and shows additional fields where you can specify up to four
alternative IKE Security Descriptors:
These will be used as alternative valid proposals in the IKE negotiations.
Parameter
Value for
AES_MD5
Cryptographic function
AES
Hash function
HMAC-MD5
Diffie-Hellman group
MODP768 (= group 1)
IKE SA lifetime in seconds.
3600 seconds (= 1 hour)
The contents of the IKE Security Descriptors can be verified via
Advanced > Peers > Security Descriptors.
Advanced > Peers > Security Descriptors.
It is recommended to use AES as preferred encryption method. AES is more
advanced, compared to DES or 3DES. It is faster for comparable key
lengths, and provides better security.
advanced, compared to DES or 3DES. It is faster for comparable key
lengths, and provides better security.