Ipsec Configuration; Table 14-3: Spd Table Configuration Parameters (Continues On Pages 350 To 351) - AudioCodes Mediant 1000 User Manual

14.1.3.2 IPSec Configuration

The parameters described in Table 14-3 below are used to configure the SPD table. A different set of parameters can be configured for each of the 20 available IP destinations.

Table 14-3: SPD Table Configuration Parameters

Parameter Name / Description

Remote IP Address [IPSecPolicyRemoteIPAddress]
    Defines the destination IP address (or a FQDN) the IPSec mechanism is applied to.
    This parameter is mandatory.
    Note: When a FQDN is used, a DNS server must be configured (DNSPriServerIP).

Local IP Address Type [IPSecPolicyLocalIPAddressType]
    Determines the local interface to which the encryption is applied (applicable to multiple IPs and VLANs).
    0 = OAM interface (default).
    1 = Control interface.

Source Port [IPSecPolicySrcPort]
    Defines the source port the IPSec mechanism is applied to.
    The default value is 0 (any port).

Destination Port [IPSecPolicyDstPort]
    Defines the destination port the IPSec mechanism is applied to.
    The default value is 0 (any port).

Protocol [IPSecPolicyProtocol]
    Defines the protocol type the IPSec mechanism is applied to.
    0 = Any protocol (default).
    17 = UDP.
    6 = TCP.
    Or any other protocol type defined by IANA (Internet Assigned Numbers Authority).

IPSec is applied to outgoing packets whose IP address, destination port, source port and protocol type match the values defined for these four parameters.

Related Key Exchange Method Index [IPsecPolicyKeyExchangeMethodIndex]
    Determines the index for the corresponding IKE entry. Note that several policies can be associated with a single IKE entry.
    The valid range is 0 to 19. The default value is 0.

IKE Second Phase Parameters (Quick Mode)

SA Lifetime (sec) [IPsecPolicyLifeInSec]
    Determines the time (in seconds) the SA negotiated in the second IKE session (quick mode) is valid. After the time expires, the SA is re-negotiated.
    The default value is 28800 (8 hours).

SA Lifetime (KB) [IPSecPolicyLifeInKB]
    Determines the lifetime (in kilobytes) the SA negotiated in the second IKE session (quick mode) is valid. After this size is reached, the SA is re-negotiated.
    The default value is 0 (this parameter is ignored).

The lifetime parameters (IPsecPolicyLifeInSec and IPSecPolicyLifeInKB) determine how long an SA is valid. When the lifetime of the SA expires, it is automatically renewed by performing the IKE second phase negotiations. To avoid a situation where the SA expires, a new SA is negotiated while the old one is still valid. As soon as the new SA is created, it replaces the old one. This procedure occurs whenever an SA is about to expire.

First to Fourth Proposal

Encryption Type [IPSecPolicyProposalEncryption_X]
    Determines the encryption type used in the quick mode negotiation for up to four proposals.
    X stands for the proposal number (0 to 3).
    The valid encryption values are:
    Not Defined (default)
    None [0] = No encryption
    DES-CBC [1]
    Triple DES-CBC [2]
    AES [3]

SIP User's Manual, Mediant 1000, Document #: LTRT-83301
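The ranges, defaults and match rule of Table 14-3, turned into a small checker for one SPD entry; this is an added example, not code from the manual or from AudioCodes. The dict layout and the function names are assumptions, and treating None [0] and DES-CBC [1] as weak is this example's own classification rather than a statement in the table.

```python
import ipaddress

# Added example; the dict layout is an assumption, keys are Table 14-3 ini names.
ENCRYPTION = {0: "None", 1: "DES-CBC", 2: "Triple DES-CBC", 3: "AES"}
WEAK = {0, 1}  # reviewer's classification: no encryption, single DES (56-bit key)

def is_ip_literal(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def selector_matches(policy, dst_ip, src_port, dst_port, proto):
    """True if an outgoing packet falls under this entry; assumes an IP literal."""
    def any_or(configured, actual):  # 0 is the table's "any" value
        return configured == 0 or configured == actual
    return (policy["IPSecPolicyRemoteIPAddress"] == dst_ip
            and any_or(policy.get("IPSecPolicySrcPort", 0), src_port)
            and any_or(policy.get("IPSecPolicyDstPort", 0), dst_port)
            and any_or(policy.get("IPSecPolicyProtocol", 0), proto))

def audit(policy, dns_server=None):
    """Return findings for one SPD entry; dns_server stands for DNSPriServerIP."""
    findings = []
    remote = policy.get("IPSecPolicyRemoteIPAddress")
    if not remote:
        findings.append("remote address is mandatory")
    elif not is_ip_literal(remote) and not dns_server:
        findings.append("FQDN remote address needs DNSPriServerIP")
    if policy.get("IPSecPolicyLocalIPAddressType", 0) not in (0, 1):
        findings.append("local address type must be 0 (OAM) or 1 (Control)")
    if not 0 <= policy.get("IPsecPolicyKeyExchangeMethodIndex", 0) <= 19:
        findings.append("key exchange index out of range 0-19")
    for x in range(4):
        enc = policy.get(f"IPSecPolicyProposalEncryption_{x}")  # absent = Not Defined
        if enc is not None and enc not in ENCRYPTION:
            findings.append(f"proposal {x}: unknown encryption value {enc}")
        elif enc in WEAK:
            findings.append(f"proposal {x}: weak encryption {ENCRYPTION[enc]}")
    return findings

# Constructed sample entry: SIP over UDP to one peer, AES first, DES second.
SAMPLE = {"IPSecPolicyRemoteIPAddress": "192.0.2.10", "IPSecPolicyDstPort": 5060,
          "IPSecPolicyProtocol": 17, "IPSecPolicyProposalEncryption_0": 3,
          "IPSecPolicyProposalEncryption_1": 1}

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(selector_matches(SAMPLE, "192.0.2.10", 40000, 5060, 17))
```

Because the source port is left at its default of 0, the sample entry covers any source port, and traffic to the same peer on another destination port or protocol falls outside it.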
