SIP User's Manual 246 Document #: LTRT-65412
MP-11x & MP-124
6.4.6 IPSec Parameters
The Internet Protocol security (IPSec) parameters are described in the table below.
Table 6-25: IPSec Parameters
Parameter Description
IPSec Parameters
Web: Enable IP Security
EMS: IPSec Enable
[EnableIPSec]
Enables or disables IPSec on the device.
 [0] Disable = IPSec is disabled (default).
 [1] Enable = IPSec is enabled.
Note: For this parameter to take effect, a device reset is required.
Web: Dead Peer
Detection Mode
EMS: DPD Mode
[IPSecDPDMode]
Enables the Dead Peer Detection (DPD) 'keep-alive' mechanism
(according to RFC 3706) to detect loss of peer connectivity.
 [0] Disabled (default).
 [1] Periodic = message exchanges at regular intervals.
 [2] On Demand = message exchanges as needed (i.e., before sending
data to the peer). If the liveliness of the peer is questionable, the
device sends a DPD message to query the status of the peer. If the
device has no traffic to send, it never sends a DPD message.
For detailed information on DPD, refer to the Product Reference Manual.
IPSec Table
[IPSEC_SPD_TABLE]
This ini file table parameter configures the IPSec SPD table. The format
of this parameter is as follows:
[IPSEC_SPD_TABLE]
Format SPD_INDEX = IPSecMode, IPSecPolicyRemoteIPAddress,
IPSecPolicySrcPort, IPSecPolicyDStPort,IPSecPolicyProtocol,
IPSecPolicyLifeInSec, IPSecPolicyLifeInKB,
IPSecPolicyProposalEncryption_X,
IPSecPolicyProposalAuthentication_X,
IPSecPolicyKeyExchangeMethodIndex,
IPSecPolicyLocalIPAddressType,
IPSecPolicyRemoteTunnelIPAddress,
IPsecPolicyRemoteSubnetMask;
[\IPSEC_SPD_TABLE]
For example:
IPSEC_SPD_TABLE 0 = 0, 10.11.2.21, 0, 0, 17, 900, 1,2, 2,2 ,1, 0;
In the example above, all packets designated to IP address 10.11.2.21
that originate from the OAMP interface (regardless of destination and
source ports) and whose protocol is UDP are encrypted. The IPSec SPD
also defines an SA lifetime of 900 seconds and two security proposals
(DES/SHA1 and 3DES/SHA1). IPsec is performed using the Transport
mode.
Notes:
 Each row in the table refers to a different IP destination.
 To support more than one Encryption / Authentication proposal, for
each proposal specify the relevant parameters in the Format line.
 The proposal list must be contiguous.
 For a detailed description of this table and to configure the table using
the Web interface, refer to ''Configuring the IPSec Table'' on page 85.
To Next Page
Loading...
Need help?
General
