Ike security descriptor, Chapter 3 – Nortel Networks 608(WL) User Manual

Chapter 3

Configuration via Local Pages

E-DOC-CTC-20051017-0169 v0.1

66

Page layout with

additional Networks

Clicking Specify Additional Networks allows you to designate up to four addresses/
subnets in case the Local Trusted Network can not be described by a single address/
subnet.

IKE Security Descriptor

The IKE Security Descriptor bundles the security parameters used for the IKE
Security Association (Phase1).

A number of IKE Security Descriptors are pre-configured in the SpeedTouch™, and
can be selected from a list. Select a Security Descriptor in function of your security
requirements. The remote VPN clients must comply with the IKE security
parameters configured in the VPN server.

For example, the pre-configured IKE Security Descriptor AES_MD5, used in various
examples throughout this document, contains the following settings:

The IKE Security Descriptor bundles the security parameters used for the IKE
Security Association (Phase1).

Parameter

Value for

AES_MD5

Cryptographic function

AES

Hash function

HMAC-MD5

Diffie-Hellman group

MODP768 (= group 1)

IKE SA lifetime in seconds.

3600 seconds (= 1 hour)

The contents of the IKE Security Descriptors can be verified via
Advanced > Peers > Security Descriptors.

It is recommended to use AES as preferred encryption method. AES is more
advanced, compared to DES or 3DES. It is faster for comparable key
lengths, and provides better security.