Nortel BayStack 100-S Reference page 46

Reference for the BayStack Instant Internet remote access commands, version 7.11

Chapter 2 Using configuration commands
Table 13 ipsec command options (continued)
Option
  Definition

remote
  Specifies the subnet(s) that will be received over the tunnel. For more details on how this option is used, refer to Using the BayStack Instant Internet Management Software Version 7.11.
  address - Specifies the IP address you want to receive over the tunnel
  bits - Specifies the optional subnet mask of the IP address you want to receive over the tunnel
  metric - Controls the ipsec's position in routing tables. Supports an alternate route for backup. Allows control of ipsec entry. Gives the user the ability to make changes.

encrypt
  Specifies the encryption types used to set up a tunnel, selected and ordered as given. (For example, 3des null does not allow des and chooses 3des followed by null.)
  DES - Data Encryption Standard
  3DES - Strong cryptography
  Null - No encryption

authorize
  Specifies the authorization types used to set up a tunnel, selected and ordered as given. (For example, sha md5 null. Using this scenario, the tunnel will try to use sha before md5.)
  SHA - Secure Hash Algorithm
  MD5 - Message Digest 5
  Null - No authorization

group
  A level of encryption strength used for the initial Diffie-Hellman exchange. Group 2 (1024 bit prime modulus in the modular exponentiation Oakley group) provides extra security at the expense of significant additional computational overhead. (default: 768)
  Note: Due to performance issues, 1024 should not be enabled on the Instant Internet 100 unit.

pfs
  Perfect Forward Secrecy is a level of encryption strength. Both ends have to be configured the same. When pfs is used, compromise of a single key permits access only to data that is protected by that key. This feature affects performance, especially on an Instant Internet 100 Unit.

timeout
  Establishes when a tunnel gets re-keyed. This may be in kilobytes or in minutes.
  number - Specifies the number of minutes or kilobytes before a tunnel gets re-keyed.
  minutes - Specifies that the number given will be in minutes.
  kb - Specifies that the number given will be in kilobytes.

disconnect
  Cancels the specified tunnel.

302005-F
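
The "selected and ordered as given" rule for the encrypt and authorize options, as an added example that is not from the Nortel manual or the device software: it tries a local list in order against what a peer accepts and reports list entries that allow a fallback to null, DES or MD5. The function names, the Python-list form of the option values, the peer-acceptance model and the "weak" classification are assumptions of this example.

```python
# Added example (not Nortel code). Models an ordered encrypt/authorize list:
# the tunnel end tries its entries in the order given and uses the first one
# the peer also accepts. The peer model and all names here are assumptions.

NO_PROTECTION = {"null"}   # per Table 13: no encryption / no authorization
WEAK = {"des", "md5"}      # example's own classification: 56-bit DES key, MD5

def first_accepted(local_order, peer_accepts):
    """Return the first entry of local_order the peer accepts, or None."""
    peer = {p.lower() for p in peer_accepts}
    for alg in (a.lower() for a in local_order):
        if alg in peer:
            return alg
    return None  # no common type: the tunnel cannot be set up

def fallback_findings(option, local_order):
    """Report every list entry that lets a tunnel come up weak or unprotected."""
    findings = []
    for pos, alg in enumerate((a.lower() for a in local_order), start=1):
        if alg in NO_PROTECTION:
            findings.append(f"{option}: '{alg}' (position {pos}) permits "
                            "a tunnel with no protection")
        elif alg in WEAK:
            findings.append(f"{option}: '{alg}' (position {pos}) permits "
                            "a weak algorithm")
    return findings

# Constructed sample values; the two lists are the manual's own examples.
LOCAL_ENCRYPT = ["3des", "null"]
LOCAL_AUTHORIZE = ["sha", "md5", "null"]

if __name__ == "__main__":
    # Peer that accepts 3des: the preferred entry is chosen.
    print(first_accepted(LOCAL_ENCRYPT, ["des", "3des"]))
    # Peer that accepts only des or null: the list falls through to null.
    print(first_accepted(LOCAL_ENCRYPT, ["des", "null"]))
    for line in (fallback_findings("encrypt", LOCAL_ENCRYPT)
                 + fallback_findings("authorize", LOCAL_AUTHORIZE)):
        print(line)
```

Removing null from both lists makes the second case return None, so the tunnel fails to establish instead of running unprotected.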
