Filter
Top Products
Chapter 3
Configuration via Local Pages
E-DOC-CTC-20051017-0169 v0.1
54
IPSec Security
Descriptor
The IPSec Security Descriptor bundles the security parameters used for the Phase 2
Security Association.
A number of IPSec Security Descriptors are pre-configured in the SpeedTouch™,
and can be selected from a list. Select a Security Descriptor in compliance with the
IPSec security parameters configured in the remote VPN server.
For example, the pre-configured IPSec Security Descriptor AES_MD5_TUN, used in
various examples throughout this document, contains the following settings:
Exchange Mode IKE specifies two modes of operation for the Phase 1 negotiations: main mode and
aggressive mode. Main mode is more secure while aggressive mode is quicker.
Server Vendor The SpeedTouch™ can interact with VPN servers of various vendors. Because some
vendors implement proprietary features, it is required to select the server vendor.
The vendor specific features are reflected in the parameters required to dial in to the
VPN server. This is explained in more detail below.
Following vendors can be selected:
Parameter Value for AES_MD5_TUN
Cryptographic function AES
Hash function HMAC-MD5
Use of Perfect Forward Secrecy no
IPSec SA lifetime in seconds. 86400 seconds (= 24 hours)
IPSec SA volume lifetime in kbytes. no volume limit
The ESP encapsulation mode tunnel
The contents of the IPSec Security Descriptors can be verified via
Advanced > Connections > Security Descriptors.
Select ... when ...
generic the VPN server is either a SpeedTouch™ or is unknown.
You need to specify your e-mail address for the dial-in
procedure (see “ Set of Server Vendor specific
parameters” on page 58).
Cisco you connect to a Cisco VPN server. Cisco requires a
Group ID to be specified for the VPN clients (see “Set of
Server Vendor specific parameters” on page 58).
Nortel you connect to a Nortel VPN server.