Table of Contents
Advertisement
Port
IPSec Security
Descriptors
Page layout with
additional Descriptors
E-DOC-CTC-20051017-0169 v0.1
If the tcp or udp protocol is selected for the protocol parameter, then the access to
the IPSec connection can be further restricted to a single port. Many well-known
port numbers can be selected from the pull-down menu.
Separate fields are foreseen for the local and remote ports. Typically, identical
values are selected for both fields. In almost all cases, the value any is the most
appropriate choice.
If you want to restrict the ports on your secure VPN link, and you need
multiple ports, then you define a new connection for every individual port.
Separate IPSec tunnels will be established for each port.
The IPSec Security Descriptor bundles the security parameters used for the Phase 2
Security Association.
A number of IPSec Security Descriptors are pre-configured in the SpeedTouch™,
and can be selected from a list. Select a Security Descriptor in compliance with the
IPSec security parameters configured in the remote Gateway.
For example, the pre-configured IPSec Security Descriptor AES_MD5_TUN, used in
various examples throughout this document, contains the following settings:
Parameter
Cryptographic function
Hash function
Use of Perfect Forward Secrecy
IPSec SA lifetime in seconds.
IPSec SA volume lifetime in kbytes.
The ESP encapsulation mode
The contents of the IPSec Security Descriptors can be verified via the
Advanced menu.
Select Connections, and subsequently Security Descriptors.
When you click Specify Additional Descriptors, the IPSEC Security Descriptors area
of the page is updated and shows additional fields where you can specify up to four
alternative IPSec Security Descriptors:
These will be used as alternative valid proposals in the Phase 2 negotiations.
Configuration via Local Pages
Value for
AES_MD5_TUN
AES
HMAC-MD5
no
86400 seconds (= 24 hours)
no volume limit
tunnel
Chapter 3
49
Advertisement
Table of Contents
