Miscellaneous, Chapter 3 – Nortel Networks 608(WL) User Manual


Chapter 3

Configuration via Local Pages

E-DOC-CTC-20051017-0169 v0.1

Miscellaneous

Comprises the following settings:



IKE Exchange Mode:

IKE specifies two modes of operation for the Phase 1 negotiations: main mode
and aggressive mode. Main mode is more secure while aggressive mode is
quicker.



Primary Untrusted Physical Interface:

This field shows a list of your SpeedTouch™ interfaces. Select the
preferred Primary Untrusted Physical Interface. This interface is used as the
primary carrier for your VPN connection. In general, the primary untrusted
interface is your DSL connection to the public Internet.

In the SpeedTouch™ the routing engine determines which interface is used for
the VPN connection (your DSL connection to the Internet in most cases). So
why does selecting a physical interface matter?

The VPN server handles incoming VPN connections only. For this kind of
connection, where your SpeedTouch™ is the responder in the IKE
negotiations, the interface is part of the matching process for accepting the
connection. Using the default setting (any) has the effect of removing this
matching criterion. For a VPN server configuration, this is the most convenient
setting. If you select a specific interface as Primary Untrusted Physical
Interface, then a new incoming VPN connection on a backup interface is not
accepted.

The SpeedTouch™ VPN server has no mechanism for re-routing active VPN
connections to a backup physical interface. Even if your SpeedTouch™ is
equipped with an ISDN backup interface, all active VPN connections are lost
when the primary interface of the VPN server fails. The overall network
topology determines whether a VPN client is capable of reaching the backup
interface of the SpeedTouch™ VPN server. It is the responsibility of the VPN
client to set up a new VPN connection.



Inactivity Timeout:

When no traffic is detected at the peer for a certain period, the tunnel is
considered to be no longer in use and the IKE session is terminated. All IPSec
connections supported by the IKE session are terminated as well.
This option sets the value of the inactivity timer.

Inactivity Timeout default value: 3600 seconds
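The responder-side interface match, the loss of active connections on a primary interface failure, and the inactivity timer described above can be modelled as follows. This is an added illustration, not code from the SpeedTouch™ firmware or this manual; the class, method, peer and interface names ("dsl", "isdn") are hypothetical, and treating an idle time equal to the timeout as expired is an assumption.

```python
# Added illustration: simplified model of the VPN server (responder) behaviour.
# All names are hypothetical; this is not the device's implementation.
from dataclasses import dataclass, field

@dataclass
class IkeSession:
    peer: str
    iface: str
    last_traffic: float
    ipsec_connections: list = field(default_factory=list)

class VpnServerModel:
    def __init__(self, primary_untrusted="any", inactivity_timeout=3600):
        self.primary_untrusted = primary_untrusted    # "any" or an interface name
        self.inactivity_timeout = inactivity_timeout  # seconds (manual default)
        self.sessions = {}

    def accept(self, peer, iface, now):
        """Responder match: the arrival interface is one matching criterion."""
        if self.primary_untrusted not in ("any", iface):
            return False  # new connection on a non-selected interface is refused
        self.sessions[peer] = IkeSession(peer, iface, now, [f"ipsec-{peer}"])
        return True

    def traffic(self, peer, now):
        self.sessions[peer].last_traffic = now

    def interface_down(self, iface):
        """No re-routing: every session carried by the failed interface is lost."""
        lost = [p for p, s in self.sessions.items() if s.iface == iface]
        for p in lost:
            del self.sessions[p]
        return lost

    def expire_idle(self, now):
        """Terminate idle IKE sessions together with their IPSec connections."""
        idle = [p for p, s in self.sessions.items()
                if now - s.last_traffic >= self.inactivity_timeout]
        return {p: self.sessions.pop(p).ipsec_connections for p in idle}

def failover_outcome(primary_untrusted):
    """Client connects over DSL, DSL fails, client retries on the ISDN backup."""
    srv = VpnServerModel(primary_untrusted)
    first = srv.accept("client-a", "dsl", now=0)
    lost = srv.interface_down("dsl")
    retry = srv.accept("client-a", "isdn", now=10)
    return first, lost, retry
```

Calling `failover_outcome("any")` and `failover_outcome("dsl")` side by side shows the trade-off: only the default setting lets the client re-establish its connection on the backup interface.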

This manual is related to the following products:

620