Table of Contents
Advertisement
Chapter 3
Configuration via Local Pages
IPSec Security
Descriptor
Exchange Mode
Server Vendor
54
The IPSec Security Descriptor bundles the security parameters used for the Phase 2
Security Association.
A number of IPSec Security Descriptors are pre-configured in the SpeedTouch™,
and can be selected from a list. Select a Security Descriptor in compliance with the
IPSec security parameters configured in the remote VPN server.
For example, the pre-configured IPSec Security Descriptor AES_MD5_TUN, used in
various examples throughout this document, contains the following settings:
Parameter
Cryptographic function
Hash function
Use of Perfect Forward Secrecy
IPSec SA lifetime in seconds.
IPSec SA volume lifetime in kbytes.
The ESP encapsulation mode
The contents of the IPSec Security Descriptors can be verified via
Advanced > Connections > Security Descriptors.
IKE specifies two modes of operation for the Phase 1 negotiations: main mode and
aggressive mode. Main mode is more secure while aggressive mode is quicker.
The SpeedTouch™ can interact with VPN servers of various vendors. Because some
vendors implement proprietary features, it is required to select the server vendor.
The vendor specific features are reflected in the parameters required to dial in to the
VPN server. This is explained in more detail below.
Following vendors can be selected:
Select ...
when ...
generic
the VPN server is either a SpeedTouch™ or is unknown.
You need to specify your e-mail address for the dial-in
procedure (see
parameters" on page
Cisco
you connect to a Cisco VPN server. Cisco requires a
Group ID to be specified for the VPN clients (see
Server Vendor specific parameters" on page
Nortel
you connect to a Nortel VPN server.
Value for
AES_MD5_TUN
AES
HMAC-MD5
no
86400 seconds (= 24 hours)
no volume limit
tunnel
" Set of Server Vendor specific
58).
E-DOC-CTC-20051017-0169 v0.1
" Set of
58).
Advertisement
Table of Contents
