Справочник Пользователя для Nortel Networks 608(WL)

Configuration via Local Pages

E-DOC-CTC-20051017-0169 v0.1

Page layout with

additional Descriptors

When you click Specify Additional Descriptors, the IKE Security Descriptors area of 
the page is updated and shows additional fields where you can specify up to four 
alternative IKE Security Descriptors:

These will be used as alternative valid proposals in the IKE negotiations.

IPSec Security

Descriptor

The IPSec Security Descriptor bundles the security parameters used for the Phase 2 
Security Association. 

A number of IPSec Security Descriptors are pre-configured in the SpeedTouch™, 
and can be selected from the pull-down menu. Select a Security Descriptor in 
function of your security requirements. The remote VPN clients must comply with 
the security parameters configured in the VPN server. 

In the example shown above, the pre-configured IPSec Security Descriptor, called 
DES_MD5_TUN is selected. 

This descriptor contains following settings:

Page layout with

additional Descriptors

When you click Specify Additional Descriptors, the IPSEC Security Descriptors area 
of the page is updated and shows additional fields where you can specify up to four 
alternative IPSec Security Descriptors:

These will be used as alternative valid proposals in the Phase 2 negotiations.

Parameter

Example: 

Cryptographic function

DES

Hash function

HMAC-MD5

Use of Perfect Forward Secrecy

no

IPSec SA lifetime in seconds.

86400 seconds (= 24 hours)

IPSec SA volume lifetime in kbytes.

no volume limit

The ESP encapsulation mode

tunnel

The contents of the IPSec Security Descriptors can be verified via

Advanced > Connections > Security Descriptors.