Configuring Ipsec And Ike; Ike Configuration; Table 13-1: Ike Table Configuration Parameters (Continues On Pages 323 To 324) - AudioCodes Mediant 1000 User Manual

Voice-over-IP (VoIP) H.323 media gateway

H.323 User's Manual
IPSec Specifications:
Transport mode only
Encapsulating Security Payload (ESP) only
Support for Cipher Block Chaining (CBC)
Supported IPSec SA encryption algorithms: DES, 3DES, and AES
Hash types for IPSec SA include SHA1 and MD5

13.1.3 Configuring IPSec and IKE

To enable IPSec and IKE on the gateway, set the ini file parameter 'EnableIPSec' to 1.

13.1.3.1 IKE Configuration

The parameters described in the table below are used to configure the first phase (main
mode) of the IKE negotiation for a specific peer. A different set of parameters can be
configured for each of the 20 available peers.
Up to two IKE main mode proposals (Encryption / Authentication / DH group combinations)
can be defined. The same proposals must be configured for all peers.

Table 13-1: IKE Table Configuration Parameters (continues on pages 323 to 324)

Parameter Name: Shared Key [IKEPolicySharedKey]
Description: Determines the pre-shared key (in textual format).
Both peers must register the same pre-shared key for the authentication process to succeed.
Note 1: The pre-shared key forms the basis of IPSec security and should therefore be handled cautiously (in the same way as sensitive passwords). It is not recommended to use the same pre-shared key for several connections.
Note 2: Since the ini file is in plain text format, loading it to the gateway over a secure network connection is recommended, preferably over a direct crossed-cable connection from a management PC. For added confidentiality, use the encoded ini file option (described in Section 6.1 on page 209).
Note 3: After it is configured, the value of the pre-shared key cannot be obtained via Web, ini file or SNMP (refer to Section 13.1.3.3 on page 329).

Parameter Name: First to Fourth Proposal Encryption Type [IKEPolicyProposalEncryption_X]
Description: Determines the encryption type used in the main mode negotiation for up to four proposals.
X stands for the proposal number (0 to 3).
The valid encryption values are:
Not Defined (default)
DES-CBC [1]
Triple DES-CBC [2]
AES [3]

Parameter Name: First to Fourth Proposal Authentication Type [IKEPolicyProposalAuthentication_X]
Description: Determines the authentication protocol used in the main mode negotiation for up to four proposals.
X stands for the proposal number (0 to 3).
The valid authentication values are:
Not Defined (default)
HMAC-SHA1-96 [2]
HMAC-MD5-96 [4]

Parameter Name: First to Fourth Proposal DH Group [IKEPolicyProposalDHGroup_X]
Description: Determines the length of the key created by the DH protocol for up to four proposals.
X stands for the proposal number (0 to 3).
The valid DH Group values are:
Not Defined (default)
DH-786-Bit [0]
DH-1024-Bit [1]

13. Security, Version 5.0, December 2006
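The following lint check is an added example, not code from the manual or from AudioCodes: it applies the rules stated above (identical proposals for all peers, no pre-shared key reused across connections, only the listed value codes) to a set of peer settings. The per-peer dictionary layout, the helper names and the choice of which listed options to flag as weak are assumptions; the parameter names and value codes are taken from Table 13-1.

```python
from collections import defaultdict

# Value codes from Table 13-1; a missing parameter means "Not Defined".
VALID = {
    "IKEPolicyProposalEncryption": {1: "DES-CBC", 2: "Triple DES-CBC", 3: "AES"},
    "IKEPolicyProposalAuthentication": {2: "HMAC-SHA1-96", 4: "HMAC-MD5-96"},
    "IKEPolicyProposalDHGroup": {0: "DH-786-Bit", 1: "DH-1024-Bit"},
}
# Assumption (not from the manual): flag the weakest listed cipher, hash and group.
WEAK = {("IKEPolicyProposalEncryption", 1), ("IKEPolicyProposalAuthentication", 4),
        ("IKEPolicyProposalDHGroup", 0)}

def proposals(peer):
    """The four proposal slots (X = 0 to 3) as (enc, auth, dh) code tuples."""
    return tuple(tuple(peer.get(f"{name}_{x}") for name in VALID) for x in range(4))

def lint(peers):
    """peers maps peer index -> {parameter name: value}; returns sorted findings."""
    out, keys = set(), defaultdict(list)
    for idx, peer in peers.items():
        keys[peer.get("IKEPolicySharedKey")].append(idx)
        for x, row in enumerate(proposals(peer)):
            for (name, table), code in zip(VALID.items(), row):
                if code is None:
                    continue
                if code not in table:
                    out.add(f"peer {idx}: {name}_{x}={code} is not a listed value")
                elif (name, code) in WEAK:
                    out.add(f"peer {idx}: {name}_{x} uses {table[code]}")
    # Note 1: one pre-shared key should not serve several connections.
    for key, idxs in keys.items():
        if key is not None and len(idxs) > 1:
            out.add(f"peers {sorted(idxs)}: same pre-shared key")  # key never printed
    # "The same proposals must be configured for all peers."
    if len({proposals(p) for p in peers.values()}) > 1:
        out.add("proposals differ between peers")
    return sorted(out)

def make_peer(key, enc, auth, dh):
    """Build one constructed peer entry that defines only proposal 0."""
    return {"IKEPolicySharedKey": key, "IKEPolicyProposalEncryption_0": enc,
            "IKEPolicyProposalAuthentication_0": auth, "IKEPolicyProposalDHGroup_0": dh}

# Constructed sample: peer 1 reuses peer 0's key and offers DES-CBC with HMAC-MD5-96.
SAMPLE = {0: make_peer("constructed-key-A", 3, 2, 1),
          1: make_peer("constructed-key-A", 1, 4, 1)}

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```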
