User Guide for Nortel Networks 608(WL)

Chapter 3
Configuration via Local Pages
E-DOC-CTC-20051017-0169 v0.1
54
IPSec Security Descriptor
The IPSec Security Descriptor bundles the security parameters used for the Phase 2 
Security Association. 
A number of IPSec Security Descriptors are pre-configured in the SpeedTouch™, 
and can be selected from a list. Select a Security Descriptor in compliance with the 
IPSec security parameters configured in the remote VPN server. 
For example, the pre-configured IPSec Security Descriptor AES_MD5_TUN, used in 
various examples throughout this document, contains the following settings: 
| Parameter | Value for AES_MD5_TUN |
|---|---|
| Cryptographic function | AES |
| Hash function | HMAC-MD5 |
| Use of Perfect Forward Secrecy | no |
| IPSec SA lifetime in seconds | 86400 seconds (= 24 hours) |
| IPSec SA volume lifetime in kbytes | no volume limit |
| The ESP encapsulation mode | tunnel |

The contents of the IPSec Security Descriptors can be verified via Advanced > Connections > Security Descriptors.

Exchange Mode
IKE specifies two modes of operation for the Phase 1 negotiations: main mode and aggressive mode. Main mode is more secure while aggressive mode is quicker.

Server Vendor
The SpeedTouch™ can interact with VPN servers of various vendors. Because some vendors implement proprietary features, you must select the server vendor. The vendor-specific features are reflected in the parameters required to dial in to the VPN server. This is explained in more detail below.
The following vendors can be selected:
| Select ... | when ... |
|---|---|
| generic | the VPN server is either a SpeedTouch™ or is unknown. You need to specify your e-mail address for the dial-in procedure (see |
| Cisco | you connect to a Cisco VPN server. Cisco requires a Group ID to be specified for the VPN clients (see |
| Nortel | you connect to a Nortel VPN server. |
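
The guide asks you to select a Security Descriptor that complies with the IPSec parameters configured on the remote VPN server. The following added example (not part of the SpeedTouch documentation) compares the AES_MD5_TUN settings from the table on this page with a constructed set of peer settings and flags the choices a reviewer would question. The field names, the `PEER` values and the rule that lifetimes may differ are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Phase2Params:
    cipher: str
    integrity: str
    pfs: bool
    lifetime_s: int
    volume_kb: Optional[int]   # None means "no volume limit"
    mode: str

# Settings of the pre-configured descriptor, copied from the table on this page.
AES_MD5_TUN = Phase2Params("AES", "HMAC-MD5", False, 86400, None, "tunnel")

# Constructed sample: what a remote VPN server might be configured with.
PEER = Phase2Params("AES", "HMAC-SHA1", True, 3600, None, "tunnel")

# Assumption: these fields must be identical on both ends; lifetimes may
# differ and are reported separately as advisory.
MUST_MATCH = ("cipher", "integrity", "pfs", "mode")

def mismatches(local: Phase2Params, peer: Phase2Params) -> List[str]:
    """Return one line per setting that differs between the two ends."""
    out = [f"{f}: local={getattr(local, f)!r} peer={getattr(peer, f)!r}"
           for f in MUST_MATCH if getattr(local, f) != getattr(peer, f)]
    if local.lifetime_s != peer.lifetime_s:
        out.append(f"lifetime_s differs (advisory): "
                   f"{local.lifetime_s} vs {peer.lifetime_s}")
    return out

def audit(p: Phase2Params) -> List[str]:
    """Flag settings a reviewer would question, independent of the peer."""
    notes = []
    if p.integrity == "HMAC-MD5":
        notes.append("HMAC-MD5 integrity: listed as MUST NOT for ESP in RFC 8221")
    if not p.pfs:
        notes.append("PFS off: Phase 2 keys derive from Phase 1 keying material")
    if p.volume_kb is None:
        notes.append(f"no volume limit: rekey only every {p.lifetime_s} s")
    return notes

if __name__ == "__main__":
    for line in mismatches(AES_MD5_TUN, PEER) + audit(AES_MD5_TUN):
        print(line)
```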