Miscellaneous, Chapter 3 – Nortel Networks 608(WL) User Manual

Page 31


Chapter 3

Configuration via Local Pages

E-DOC-CTC-20051017-0169 v0.1


Miscellaneous

Comprises the following settings:



Primary Untrusted Physical Interface:

This field shows a list of your SpeedTouch™ interfaces. You select the
preferred Primary Untrusted Physical Interface. This interface is used as the
primary carrier for your VPN connection. In general, the primary untrusted
interface is your DSL connection to the public Internet.

In the SpeedTouch™, the routing engine determines which interface is used for
the VPN connection (your DSL connection to the Internet in most cases). So
why is it relevant to select a physical interface?

First of all, for incoming VPN connections where your SpeedTouch™ is the
responder in the IKE negotiations, the interface is part of the matching process
for accepting the connection. Selecting any has the effect of removing this
matching criterion. If you select a specific interface as Primary Untrusted
Physical Interface, then a new incoming VPN connection on a backup interface
is not accepted.

Secondly, if your SpeedTouch™ is equipped with a backup physical interface,
for example an ISDN backup interface, then this field determines the preferred
interface for your VPN connection. This interface is used whenever it is
available. When this interface fails, the active VPN connections are re-routed
via the backup interface. When the primary interface becomes available again,
the VPN connections are re-routed to the primary interface. On the other hand,
when you select any as the Primary Untrusted Physical Interface and this
interface fails, the active VPN connections are also re-routed to the backup
interface. But when the DSL connection becomes available again, the VPN
connections are not re-routed as long as the backup connection is available.
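
The two behaviours described above can be compared side by side in a small model. This is an added example, not SpeedTouch™ or Nortel code; the interface names dsl and isdn, the function names and the event sequence are constructed for illustration.

```python
ANY = "any"  # the "any" choice for Primary Untrusted Physical Interface

def accepts_incoming(primary, arrival_if):
    """Responder side: is a new incoming VPN connection on arrival_if accepted?"""
    if primary == ANY:
        return True  # the interface is no longer a matching criterion
    return arrival_if == primary  # a new connection on the backup is refused

def carrier_timeline(primary, events, main="dsl", backup="isdn"):
    """Replay (interface, is_up) link events; return the interface that carries
    the active VPN connections after each event (None when no link is up)."""
    up = {main: True, backup: True}
    current = main  # assumption: routing initially selects the DSL link
    timeline = []
    for iface, is_up in events:
        up[iface] = is_up
        if primary != ANY:
            # Specific primary: used whenever it is available, otherwise
            # the connections fall back to the other link.
            other = backup if primary == main else main
            current = primary if up[primary] else (other if up[other] else None)
        elif current is None or not up[current]:
            # "any": connections move only when the link in use fails, so a
            # recovered DSL link is not taken back while the backup is up.
            current = next((i for i in (main, backup) if up[i]), None)
        timeline.append(current)
    return timeline

# Constructed event sequence: DSL fails, DSL recovers, ISDN backup fails.
EVENTS = [("dsl", False), ("dsl", True), ("isdn", False)]

if __name__ == "__main__":
    for choice in ("dsl", ANY):
        print(choice, carrier_timeline(choice, EVENTS),
              "accepts new connection on isdn:", accepts_incoming(choice, "isdn"))
```
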



IKE Exchange Mode:

IKE specifies two modes of operation for the Phase 1 negotiations: main mode
and aggressive mode. Main mode is more secure while aggressive mode is
quicker.



Inactivity Timeout:

When no traffic is detected at the peer for a certain period, it is decided that the
tunnel is not used any more, and the IKE session is terminated. All IPSec
connections supported by the IKE session are terminated as well.
This option sets the value of the inactivity timer.

Inactivity Timeout default value: 3600 seconds

This manual is related to the following products:

620