Chapter 6 – Nortel Networks 608(WL) User Manual


Chapter 6

Advanced Features

E-DOC-CTC-20051017-0169 v0.1


Example IPSec connection, applying the default peer concept

SpeedTouch™ [1] IPSec peer configuration:

The parameter localid can remain either unset, or an identifier type can be used that
is independent of the IP address, such as the userfqdn.

[ipsec peer]=>add
name = rempeer2
:ipsec peer add name=rempeer2
[ipsec peer]=>modify
name = rempeer2
[remoteaddr] = 40.0.0.2
[backupaddr] =
[exchmode] = main
[localid] =
[remoteid] = (addr)40.0.0.2
[phyif] = DIALUP_PPPOE
[descr] = AES_MD5
[auth] = secret1
[client/server] =
[options] =
:ipsec peer modify name=rempeer2 remoteaddr=40.0.0.2 remoteid=(addr)40.
0.0.2
[ipsec peer]=>

SpeedTouch™ [2] IPSec peer configuration:

The parameter remoteid remains unset. Any value will be accepted during the
Phase 1 negotiation.

[ipsec peer]=>add
name = rempeer1
:ipsec peer add name=rempeer1
[ipsec peer]=>modify
name = rempeer1
[remoteaddr] = 0.0.0.0
[backupaddr] =
[exchmode] = main
[localid] = (addr)40.0.0.2
[remoteid] =
[phyif] = DIALUP_PPPOE
[descr] = 3DES_MD5
[auth] = secret1
[client/server] =
[options] =
:ipsec peer modify name=rempeer1 remoteaddr=0.0.0.0 exchmode=main phyif
=DIALUP_PPPOE descr=3DES_MD5 auth=secret1
[ipsec peer]=>

When configured with a default peer, the SpeedTouch™ [2] will never be
able to initiate outgoing connections as it does not know any IP address of a
remote peer. It can operate in responder mode only.
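
The following audit sketch is an added example, not part of the manual or the SpeedTouch™ software. It parses saved `:ipsec peer` command lines in the echoed form shown above and reports the two properties this page attaches to a default peer. The function names and the rule that a parameter missing from the command line counts as unset are assumptions of this example.

```python
# Constructed sample: the command lines echoed on this page, with the
# terminal line wraps re-joined. Parameters absent from a line are
# treated as unset (assumption of this example).
SAMPLE = """\
:ipsec peer add name=rempeer2
:ipsec peer modify name=rempeer2 remoteaddr=40.0.0.2 remoteid=(addr)40.0.0.2
:ipsec peer add name=rempeer1
:ipsec peer modify name=rempeer1 remoteaddr=0.0.0.0 exchmode=main phyif=DIALUP_PPPOE descr=3DES_MD5 auth=secret1
"""

def parse_peers(text):
    """Collect key=value parameters per peer name from ':ipsec peer' lines."""
    peers = {}
    for line in text.splitlines():
        words = line.strip().lstrip(":").split()
        if words[:2] != ["ipsec", "peer"] or len(words) < 3:
            continue  # not an 'ipsec peer add/modify' command
        params = dict(w.split("=", 1) for w in words[3:] if "=" in w)
        name = params.pop("name", None)
        if name:
            peers.setdefault(name, {}).update(params)
    return peers

def can_initiate(params):
    """A peer entry needs a concrete remote address to start a negotiation."""
    return params.get("remoteaddr", "") not in ("", "0.0.0.0")

def audit_peer(params):
    """Return findings for the properties the manual describes."""
    findings = []
    if params.get("remoteaddr") == "0.0.0.0":
        findings.append("default peer: responder mode only, cannot initiate")
    if not params.get("remoteid"):
        findings.append("remoteid unset: any value is accepted in Phase 1")
    return findings

if __name__ == "__main__":
    for name, params in sorted(parse_peers(SAMPLE).items()):
        print(name, "can initiate:", can_initiate(params))
        for finding in audit_peer(params):
            print("  -", finding)
```
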
