Nortel 4134 用户指南

IPsec VPN fundamentals

For more information on QoS configuration, see Nortel Secure Router 4134
Configuration – Traffic Management (NN47263-601).

Logging and Statistics

VPN provides logging support on a global level, this logging can be on
a system console or telnet session of a syslog server. Statistics are
maintained for the number of packets and bytes processed in the inbound
and outbound direction for each SA. This helps administrator to debug
problems, if any.

Standards compliance

The SR4134 implementation of IPsec VPN complies with the following
RFCs:

Table 3
IKE standards

RFC number

Description

RFC1191

Path MTU Discovery

RFC1829

ESP DES-CBC Transform

RFC1851

ESP Triple DES Transform

RFC2104

HMAC: Keyed-Hashing for Message
Authentication

RFC 2401

Security Architecture for the Internet Protocol

RFC2402

IP Authentication Header

RFC2403

The Use of HMAC-MD5-96 within ESP and AH

RFC2404

The Use of HMAC-SHA-1-96 within ESP and AH

RFC2405

The ESP DES-CBC Cipher Algorithm With Explicit
IV RFC 2406 IP Encapsulating Security Payload

RFC2407

The Internet IP Security Domain of Interpretation
(DOI) for ISAKMP

RFC2408

Internet Security Association and Key
Management Protocol (ISAKMP)

RFC2409

Internet Key Exchange (IKE)

RFC2410

The NULL Encryption Algorithm and Its Use With
IPsec

RFC3174

US Secure Hash Algorithm 1 (SHA1)

RFC3526

More Modular Exponential (MODP) Diffie-Hellman
groups for IKE

RFC3602

The AES-CBC Cipher Algorithm and Its Use with
IPsec

Nortel Secure Router 4134

Security — Configuration and Management

NN47263-600

01.02

Standard

10.0

3 August 2007