Configuring Ip Security Associations Table - AudioCodes MP-11x User Manual
Mediapack series analog voip gateways
Hide thumbs
Also See for MP-11x:
- Hardware installation manual (44 pages) ,
- Configuration manual (42 pages) ,
- User manual (486 pages)
Table of Contents
Advertisement
User's Manual
5.
To save the changes to flash memory, see 'Saving Configuration' on page 366.
Table 13-3: IP Security Proposals Table Configuration Parameters
Parameter Name
Encryption Algorithm
[IPsecProposalTable_EncryptionAlgorithm]
Authentication Algorithm
[IPsecProposalTable_AuthenticationAlgorithm]
Diffie Hellman Group
[IPsecProposalTable_DHGroup]
If no proposals are defined, the default settings (shown in the following table) are applied.
Proposal
Proposal 0
Proposal 1
Proposal 2
Proposal 3
13.4.3 Configuring IP Security Associations Table
The IP Security Associations Table page allows you to configure up to 20 peers (hosts or
networks) for IP security (IPSec)/IKE. Each of the entries in this table controls both Main
and Quick mode configuration for a single peer. Each row in the table refers to a different
IP destination. IPSec can be applied to all traffic to and from a specific IP address.
Alternatively, IPSec can be applied to a specific flow, specified by port (source or
destination) and protocol type.
The destination IP address (and optionally, destination port, source port and protocol type)
of each outgoing packet is compared to each entry in the table. If a match is found, the
device checks if an SA already exists for this entry. If no SA exists, the IKE protocol is
invoked and an IPSec SA is established and the packet is encrypted and transmitted. If a
match is not found, the packet is transmitted without encryption.
This table can also be used to enable Dead Peer Detection (RFC 3706), whereby the
device queries the liveliness of its IKE peer at regular intervals or on-demand. When two
peers communicate with IKE and IPSec, the situation may arise in which connectivity
between the two goes down unexpectedly. In such cases, there is often no way for IKE and
Version 6.6
Table 13-4: Default IPSec/IKE Proposals
Encryption
3DES
3DES
3DES
3DES
161
Description
Defines the encryption (privacy) algorithm.
[0] NONE
[1] DES CBC
[2] 3DES CBC
[3] AES (default)
Defines the message authentication (integrity)
algorithm.
[0] NONE
[2] HMAC SHA1 96
[4] HMAC MD5 96 (default)
Defines the length of the key created by the DH
protocol for up to four proposals. For the ini file
parameter, X denotes the proposal number (0 to
3).
[0] Group 1 (768 Bits) = DH-786-Bit
[1] Group 2 (1024 Bits) (default) = DH-1024-
Bit
Authentication
SHA1
MD5
SHA1
MD5
13. Security
DH Group
Group 2 (1024 bit)
Group 2 (1024 bit)
Group 1 (786 bit)
Group 1 (786 bit)
MP-11x & MP-124
Advertisement
Table of Contents
Troubleshooting
