Local network, Remote network, Always on – Nortel Networks 608(WL) User Manual

Page 94: Connection descriptor, Chapter 3


Chapter 3

Configuration via Local Pages

E-DOC-CTC-20051017-0169 v0.1


Local network

This parameter is used in the proposal presented to the remote Security Gateway
during the Phase 2 negotiation. It determines which messages have access to the
IPSec connection at the local side of the tunnel. This is the basic parameter for the
dynamic IPSec policy capabilities of the SpeedTouch™. As an outcome of the Phase
2 negotiations, a static IPSec policy is derived.

The valid settings are:



the keyword: retrieve_from_server

This setting can be used in an IPSec client/server configuration. It is only
relevant at the client side of the connection where the SpeedTouch™ acts as
an initiator for the IPSec Security Association.



the keyword: black_ip

This setting is used only for remote management scenarios where the IPSec
tunnel is used exclusively for information generated or terminated by the
SpeedTouch™.



a symbolic name of a network descriptor

This is the most common selection in a LAN-to-LAN application. In this case
the Local network field holds the symbolic name of the network descriptor
that refers to the local private network having access to the IPSec connection.

Remote network

This parameter describes the remote network that may use the IPSec connection.
This parameter expresses a dynamic policy, which during the Phase 2 negotiation
results in a static policy.

The valid settings are:



the keyword: retrieve_from_server

This setting can be used in an IPSec client/server configuration. It is only
relevant at the client side of the connection where the SpeedTouch™ acts as
an initiator for the IPSec Security Association.



the keyword: allocated_virtual_ip

This setting can be used in an IPSec client/server configuration. It is only
relevant at the server side of the connection.



the keyword: black_ip

Designates the public IP address of the remote Security Gateway as the end
user of the secure connection. This setting is useful for a connection that
serves secure remote management of the remote Security Gateway.



a symbolic name of a network descriptor

This setting is used when the network environment at the remote side is
completely known. This is often the case in a site-to-site application where the
VPN structure and the use of specific ranges of IP addresses are under the
control of a network manager.

Always on

Select this check box when you want a VPN connection that automatically starts
negotiations when the SpeedTouch™ is operational.

Connection Descriptor

Select from the list the symbolic name of a Connection Security Descriptor to be
used for the IPSec connection. Up to four Descriptors can be selected in the Profiles
page. These Descriptors are presented as alternative proposals during the Phase 2
negotiations. Connection Security Descriptors are managed on the Connection
Descriptors sub-page. See “3.5.10 Connection Descriptors Page” on page 96.
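The following is an added example, not part of the manual or of any SpeedTouch™ tooling: a small lint that checks a connection profile against the rules stated above for Local network, Remote network and Connection Descriptor. The dictionary layout, the "role" field and all descriptor names are assumptions made for illustration.

```python
# Added example: the dict layout, "role" field and all names are assumptions.
LOCAL_KEYWORDS = {"retrieve_from_server", "black_ip"}
REMOTE_KEYWORDS = {"retrieve_from_server", "allocated_virtual_ip", "black_ip"}
# Keywords the page ties to one side of a client/server configuration.
ROLE_ONLY = {"retrieve_from_server": "client", "allocated_virtual_ip": "server"}
MAX_DESCRIPTORS = 4  # "Up to four Descriptors can be selected"


def lint_profile(profile, network_descriptors):
    """Return a list of findings (strings) for one connection profile."""
    findings = []
    role = profile.get("role")  # assumed values: "client", "server", "peer"
    for field, keywords in (("local_network", LOCAL_KEYWORDS),
                            ("remote_network", REMOTE_KEYWORDS)):
        value = profile.get(field)
        if not value:
            findings.append(f"{field}: not set")
        elif value not in keywords and value not in network_descriptors:
            findings.append(f"{field}: {value!r} is not a valid keyword "
                            "or a defined network descriptor")
        elif value in ROLE_ONLY and role != ROLE_ONLY[value]:
            findings.append(f"{field}: {value} is only relevant at the "
                            f"{ROLE_ONLY[value]} side, profile role is {role}")
    count = len(profile.get("connection_descriptors", []))
    if count > MAX_DESCRIPTORS:
        findings.append(f"connection_descriptors: {count} selected, "
                        f"at most {MAX_DESCRIPTORS} allowed")
    return findings


# Constructed sample data: network descriptor names and three profiles.
NETWORKS = {"lan_hq", "lan_branch"}
PROFILES = {
    "site_to_site": {"role": "peer", "local_network": "lan_hq",
                     "remote_network": "lan_branch",
                     "connection_descriptors": ["csd_a", "csd_b"]},
    "bad_server": {"role": "server", "local_network": "lan_hq",
                   "remote_network": "retrieve_from_server",
                   "connection_descriptors": ["csd_a", "csd_b", "csd_c",
                                              "csd_d", "csd_e"]},
    "typo": {"role": "client", "local_network": "retrieve_from_server",
             "remote_network": "lan_brnch",
             "connection_descriptors": ["csd_a"]},
}

if __name__ == "__main__":
    for name, profile in PROFILES.items():
        for finding in lint_profile(profile, NETWORKS) or ["ok"]:
            print(f"{name}: {finding}")
```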

This manual is related to the following products:

620