1 connection security descriptor parameters, Parameters table, Example – Nortel Networks 608(WL) User Manual

Chapter 4

Configuration via the Command Line Interface

E-DOC-CTC-20051017-0169 v0.1

128

4.5.1 Connection Security Descriptor parameters

Parameters table

The following table summarizes the parameters comprised in the connection
security descriptor. The table also indicates the keyword used in the CLI for each
parameter:

Example:

A Connection Security Descriptor is a text string, comprising the parameters
described in the table above. An example is shown here:

Connection Descriptor

name [name]

This name is used internally to identify the Connection Descriptor.

Parameter

Keyword

Description

Connection Descriptor
name

name

Symbolic name to identify the
Descriptor.

Cryptographic function

crypto

Cryptographic function to be used
for the IPSec Security Association.

Key length

keylen

Length of the cryptographic key
for the AES encryption algorithm.

Hash function

integrity

Hashing function used for
message authentication.

Perfect Forward Secrecy

pfs

Selects the use of Perfect Forward
Secrecy.

IPSec SA lifetime

lifetime_secs

The lifetime of the IPSec Security
Association. At expiration of this
period re-keying occurs.

IPSec SA volume
lifetime

lifetime_kbytes

The maximum data volume
transported before re-keying
occurs.

Encapsulation

encaps

Selects the ESP encapsulation
mode.

AES(128)

TUNNEL MODE

Lifetime 86400s

HMAC-SHA1

Cryptographic function

(key length)

Hash function

IPsec SA lifetime

Encapsulation

mode