2 security descriptor, What is, Ike session descriptor – Nortel Networks 608(WL) User Manual

Chapter 2

SpeedTouch™ IPSec terminology

E-DOC-CTC-20051017-0169 v1.0

17

2.2 Security Descriptor

What is ...

All security parameters required to establish a secure tunnel are grouped into a
string called Security Descriptor or simply descriptor. Two different sets of
descriptors are defined:



IKE session descriptors



IPSec descriptors

A Descriptor contains the methods for message authentication, encryption and
hashing, and the lifetime of the Security Association. A number of descriptors are
pre-configured in the SpeedTouch™. The user can modify these descriptors, or
define additional descriptors to fit his requirements.

IKE session Descriptor

The IKE descriptor contains the following parameters:



Encryption method



Message integrity method (also called message authentication)



Diffie-Hellman group used for key generation



Lifetime of the Security Association.

IPSec Descriptor

The IPSec descriptor contains the following parameters:



Encryption method



Message integrity method (also called message authentication)



Selection to use Perfect Forward Secrecy, or not



Lifetime of the Security Association



Encapsulation method.