Table 234 Ipsec Branch Office Tunnel Settings - Nortel BCM 3.7 Manual


3. Click the Add button.
   Or, right-click the Branch Office Accounts heading and click Add.
   The Add Branch Office Accounts dialog box appears.
4. Configure the Branch Office Tunnel Settings according to the following table.

Table 234 IPSec Branch Office Tunnel settings

Attribute
Description
Tunnel Number
Allows you to specify the Tunnel identifier.
The Tunnel Number uniquely identifies an IPSec tunnel. The value for this setting must follow
certain conventions. You must type the prefix 'T' followed by a unique number identifying the
IPSec Tunnel. For example, 'T2' is a valid name. If you specify an existing Tunnel number, you
receive an error message. The Tunnel identifier does not have any significance, other than
uniquely identifying an entry.
The maximum number of tunnels you can add is 20.
IPSec Status
Allows you to view the current status of this IPSec Tunnel.
Choose Enabled or Disabled to change the status of this IPSec Tunnel.
The default setting is Disabled.
PFS Enabled
Allows you to enable Perfect Forward Secrecy (PFS).
With PFS, keys are not derived from previous keys. This ensures that one key being
compromised cannot result in the compromise of subsequent keys.
If you create a tunnel to a Contivity Extranet Switch, you must set PFS Enabled to Yes.
You can choose Yes or No.
The default setting is Yes.
Note: Set PFS to No for connections to the Shasta 5000.
Idle Timeout
Allows you to specify the amount of time the tunnel can remain idle before the tunnel is closed.
You cannot set the Idle Timeout setting to less than three minutes, except to disable the
timeout by entering 00:00:00.
Enter a value from 00:03:00 to 23:59:59. The default setting is 00:15:00.
A setting of 00:00:00 disables the Idle Timeout setting.
Highest Encryption
Allows you to select the highest encryption level allowed on this IPSec tunnel.
When the encryption level is negotiated for this tunnel, Business Communications Manager
will not use any encryption level higher than the encryption level specified in this field.
For a description of the encryption levels, refer to "Encryption" on page 766.
Key Type
Select the format for the Preshared Key. The Key Type must be the same on both ends of the
IPSec tunnel. The format can be text or hexadecimal.
Note: If you change the Key Type, the Preshared Key is deleted.
Preshared Key
Allows you to specify the text or hexadecimal string used to authenticate the data sent on this
tunnel.
The maximum length of the Preshared Key is 32 characters.
This key must be used at both ends of the IPSec Tunnel.
For best security, use a secure method to share this key.
Confirm Preshared Key
Allows you to re-enter the Preshared Key to confirm that you entered the key correctly.
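The following Python sketch is an added example, not part of the Nortel manual. It generates a random Preshared Key that uses the full 32-character limit and checks a planned tunnel entry against the rules in Table 234 before it is typed into the dialog box. The function names and dictionary keys are hypothetical, and it assumes that the 32-character limit counts hexadecimal digits and that letters and digits are accepted in a text key.

```python
import math
import re
import secrets
import string

MAX_TUNNELS = 20     # Table 234: at most 20 tunnels
MAX_PSK_CHARS = 32   # Table 234: Preshared Key is at most 32 characters
# Assumption: letters and digits are accepted in a text-format key.
TEXT_ALPHABET = string.ascii_letters + string.digits

def generate_psk(key_type):
    """Return (key, entropy_bits) for a random key of the maximum length."""
    if key_type == "hex":
        # Assumption: the 32-character limit counts hex digits (16 bytes).
        return secrets.token_hex(MAX_PSK_CHARS // 2), 4 * MAX_PSK_CHARS
    if key_type == "text":
        key = "".join(secrets.choice(TEXT_ALPHABET) for _ in range(MAX_PSK_CHARS))
        return key, int(MAX_PSK_CHARS * math.log2(len(TEXT_ALPHABET)))
    raise ValueError("key_type must be 'text' or 'hex'")

def idle_seconds(value):
    """Parse HH:MM:SS (00:00:00 to 23:59:59); return None if malformed."""
    m = re.fullmatch(r"([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9])", value)
    if m is None:
        return None
    hours, minutes, seconds = (int(g) for g in m.groups())
    return hours * 3600 + minutes * 60 + seconds

def validate_tunnel(cfg, existing_numbers):
    """Return a list of Table 234 rule violations for one tunnel entry."""
    errors = []
    if not re.fullmatch(r"T[0-9]+", cfg["tunnel_number"]):
        errors.append("tunnel_number: must be 'T' followed by a number")
    elif cfg["tunnel_number"] in existing_numbers:
        errors.append("tunnel_number: already in use")
    if len(existing_numbers) >= MAX_TUNNELS:
        errors.append("tunnel_number: limit of 20 tunnels reached")
    idle = idle_seconds(cfg["idle_timeout"])
    if idle is None or 0 < idle < 180:
        errors.append("idle_timeout: use 00:00:00 or 00:03:00 to 23:59:59")
    key, key_type = cfg["preshared_key"], cfg["key_type"]
    if key_type not in ("text", "hex"):
        errors.append("key_type: must be 'text' or 'hex'")
    if not 0 < len(key) <= MAX_PSK_CHARS:
        errors.append("preshared_key: must be 1 to 32 characters")
    elif key_type == "hex" and not re.fullmatch(r"[0-9A-Fa-f]+", key):
        errors.append("preshared_key: not hexadecimal")
    return errors
```

Under these assumptions a full-length hexadecimal key carries 128 bits of entropy and a full-length alphanumeric text key about 190 bits, so the text format gives the stronger key within the same 32-character limit.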
Programming Operations Guide
IPSec
775


This manual is also suitable for:

Business communications manager 3.7