Panasonic NN46110-600 User Manual

Chapter 2 Configuring servers


The VPN Router can store all passwords encrypted with 3DES, but you must first enable the feature. To enable 3DES, select Servers > LDAP and click Enable TripleDES. When you enable TripleDES, all passwords within the box are encrypted with 3DES, as well as any future passwords that are entered.

You can also change the existing encryption key by enabling TripleDES and, in the Encryption Key dialog box, entering an 8-byte character string or hexadecimal value. For more information on 3DES, see “Encrypting with 3DES password” on page 27.

e  Confirm the password by reentering the server's Secret to verify that you typed the password correctly.

f  Use the reply-source-port option to configure the port that the RADIUS server uses as a source in the RADIUS authentication reply. The default value is 0 (only allow a reply packet with the source port of 1645). The UDP port that is used is the port configured in the Port attribute of the RADIUS server configuration on the Servers > RADIUS Authentication window. The default value of that port is 1645.

Reply-source-port is only necessary if you have a RADIUS server that sends a RADIUS authentication reply with a UDP port that differs from the originating UDP port. For example, if a RADIUS authentication packet is sent from the VPN Router using the UDP source port 1100 and UDP destination port 1645, the RADIUS server responds with a UDP source port of 8500 and a destination UDP port of 1100. The VPN Router is expecting a reply with a source UDP port of 1645 and a destination UDP port of 1100. Therefore, this packet is dropped because the UDP port 8500 is not open (by default) and the packet is filtered.

g  Click Suppress-service-type to remove the service type 8 attribute from the RADIUS access message and to return attributes to the VPN Router. This is implemented to maintain forward compatibility with newer versions of SBR.

4  In the Response Timeout Interval field, enter the frequency in seconds that you want the VPN Router to wait before retrying to connect to the RADIUS servers. By default, the VPN Router tries once every three seconds. The minimum setting is 1.
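
The reply-source-port case from step f, as an added Python example that is not part of the manual or of the VPN Router's own code: it models the source-port filter followed by the Response Authenticator check that RFC 2865 defines for replies. The function names, the constructed secret and request values, and the assumption that a nonzero reply-source-port replaces the expected source port are illustrative, not documented behaviour.

```python
import hashlib
import hmac
import struct

# Constructed sample values (not from the manual).
SECRET = b"constructed-shared-secret"
REQUEST_AUTH = bytes(range(16))   # Request Authenticator of the pending request
IDENT = 7                         # RADIUS Identifier of the pending request

def expected_source_port(server_port=1645, reply_source_port=0):
    # Assumption: 0 (the default) means "replies must come from the server Port".
    return reply_source_port or server_port

def response_auth(code, ident, attrs, request_auth, secret):
    # RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(head + request_auth + attrs + secret).digest()

def build_reply(code, ident, attrs, request_auth, secret):
    auth = response_auth(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs

def accept_reply(src_port, dst_port, packet, client_port,
                 server_port=1645, reply_source_port=0, secret=SECRET):
    """Return (accepted, reason) for a reply to the pending request."""
    if dst_port != client_port:
        return False, "wrong destination port"
    if src_port != expected_source_port(server_port, reply_source_port):
        return False, "filtered: unexpected source port"
    if len(packet) < 20:
        return False, "short packet"
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if ident != IDENT or length != len(packet):
        return False, "identifier or length mismatch"
    want = response_auth(code, ident, packet[20:], REQUEST_AUTH, secret)
    if not hmac.compare_digest(want, packet[4:20]):
        return False, "bad Response Authenticator"
    return True, "accepted"

if __name__ == "__main__":
    reply = build_reply(2, IDENT, b"", REQUEST_AUTH, SECRET)  # 2 = Access-Accept
    # The manual's case: request sent 1100 -> 1645, reply arrives 8500 -> 1100.
    print(accept_reply(8500, 1100, reply, client_port=1100))
    print(accept_reply(8500, 1100, reply, client_port=1100, reply_source_port=8500))
    forged = build_reply(2, IDENT, b"", REQUEST_AUTH, b"wrong-secret")
    print(accept_reply(8500, 1100, forged, client_port=1100, reply_source_port=8500))
```

In this model, setting reply-source-port only changes which packets reach the authenticator check; a reply computed without the shared Secret is still rejected.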

Nortel VPN Router Security — Servers, Authentication, and Certificates
