SpeedTouch™608(WL)/620 (Wireless) Business DSL Router IPSec Configuration Guide [Cover illustration labels: SpeedTouch™608WL and SpeedTouch™620 only; Power, Ethernet, WLAN, Plug-in, ISDN, Inter]
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 98 | Integrity: The SpeedTouch™ supports two types of hashing algorithms: HMAC is alway
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 99 | 3.5.11 Connection Options Page. Options page layout: The Options page allows you to def
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 100 | 3.5.12 Client Page. Client page layout: The Client page is used for dialling-in to a V
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 101 | 4 Configuration via the Command Line Interface. In this chapter: This
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 102 | 4.1 Basic IPSec configuration procedure. Terminology: The SpeedTouch™
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 103 | Procedure: In order to set up a basic IPSec configuration, the foll
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 104 | 4.2 Peer: Authentication Attribute. What is ...: Two main methods for
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 105 | 4.2.1 Authentication Attribute Parameters. Parameter table: The authe
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 106 | 4.2.2 List all Authentication Attributes. list command: The ipsec pee
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 107 | 4.2.3 Create a New Authentication Attribute. add command: The ipsec p
About this IPSec Configuration Guide | E-DOC-CTC-20051017-0169 v1.0 | page 9 | About this IPSec Configuration Guide. Abstract: This document explains the IPSec functio
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 108 | 4.2.4 Set or Modify the Authentication Attribute Parameters. modify
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 109 | 4.2.5 Delete an Authentication attribute. delete command: The IPSec p
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 110 | 4.3 Peer Security Descriptor. What is ...: All security parameters re
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 111 | 4.3.1 Peer Security Descriptor Parameters. Parameter table: The follo
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 112 | Cryptographic function [crypto]: The table below shows the encryption
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 113 | IKE SA lifetime [lifetime_secs]: The lifetime of a Security Associati
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 114 | 4.3.2 List all Peer Security Descriptors. list command: The ipsec pee
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 115 | 4.3.3 Create a New Peer Security Descriptor. add command: A new Peer
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 116 | 4.3.4 Set or Modify the Peer Descriptor Parameters. modify command: T
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 117 | 4.3.5 Delete a Peer Descriptor. delete command: The ipsec peer descri
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 118 | 4.4 Peer. What is ...: The Peer is a term that refers to the remote S
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 119 | 4.4.1 Peer parameters. Parameters table: The following table shows th
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 120 | Remote Security Gateway identifier [remoteaddr]: This parameter locali
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 121 | Remote Identifier [remoteid]: This parameter identifies the remote Se
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 122 | Physical Interface [phyif]: You can tie the peer to one of your Spe
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 123 | 4.4.2 List all peer entities. list command: The ipsec peer list comm
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 124 | 4.4.3 Create a new peer entity. add command: A new Peer is created wi
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 125 | 4.4.4 Set or modify the peer parameters. modify command: The ipsec pe
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 126 | 4.4.5 Delete a Peer entity. delete command: The ipsec peer delete co
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 127 | 4.5 Connection Security Descriptor. What is ...: All security paramet
Chapter 1 IPSec: Concept for secure IP connections | E-DOC-CTC-20051017-0169 v1.0 | page 11 | 1 IPSec: Concept for secure IP connections. Policies: The introduction of
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 128 | 4.5.1 Connection Security Descriptor parameters. Parameters table: Th
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 129 | Cryptographic function [crypto]: The table below shows the cryptograp
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 130 | Perfect Forward Secrecy [pfs]: Enables or disables the use of Perfect
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 131 | 4.5.2 List all Connection Security Descriptors. list command: The ips
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 132 | 4.5.3 Create a new Connection Security Descriptor. add command: A new
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 133 | 4.5.4 Set the Connection Security Descriptor Parameters. modify comm
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 134 | 4.5.5 Delete a Connection Security Descriptor. delete command: The ip
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 135 | 4.6 Network Descriptor. What is ...: The concept of Network Descripto
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 136 | 4.6.1 Network Descriptor Parameters. Parameters table: The following
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 137 | Protocol [proto]: Access to an IPSec connection can be restricted t
Chapter 1 IPSec: Concept for secure IP connections | E-DOC-CTC-20051017-0169 v1.0 | page 12 | 1.1 IPSec Concepts. Red and Black Network: Following nomenclature will be
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 138 | 4.6.2 Create a New Network Descriptor. add command: A new Network Des
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 139 | 4.6.3 Set the Network Descriptor Parameters. modify command: The ipse
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 140 | 4.6.4 Delete a Network Descriptor. delete command: The ipsec connecti
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 141 | 4.7 Connection. What is ...: A Connection bundles all the parameters
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 142 | 4.7.1 Connection Parameters. Parameters table: The table below shows
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 143 | Local network [localnetwork]: This parameter is used in the proposal
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 144 | Always-on connection [alwayson]: This parameter determines whether th
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 145 | 4.7.2 List all Connections. list command: The ipsec connection list
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 146 | 4.7.3 Create a New Connection. add command: A new Connection is creat
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 147 | 4.7.4 Set or Modify the Connection Parameters. modify command: The ip
Chapter 1 IPSec: Concept for secure IP connections | E-DOC-CTC-20051017-0169 v1.0 | page 13 | Internet Key Exchange: The Internet Key Exchange (IKE) protocol is the n
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 148 | 4.7.5 Delete a Connection. delete command: The ipsec connection delet
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 149 | 4.7.6 Start a Connection. start command: The ipsec connection start
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 150 | 4.7.7 Stop a connection. stop command: The ipsec connection stop com
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 151 | 4.8 Auxiliary Commands. In this section: The following topics are dis
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 152 | 4.8.1 Config Command. What is it used for: This command serves two di
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 153 | AutoProxyARP: The automatic addition of ProxyARP entries in VPN cli
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 154 | An example of AutoProxyARP: As an example, suppose a VPN server is c
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 155 | 4.8.2 Flush Command. What is it used for: This command flushes the co
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 156 | 4.8.3 Clear Command Group. What is it used for: This command group co
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 157 | 4.9 Organisation of the IPSec Command Group. Introduction: In this se
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 158 | Connection command group: The following table shows the commands of t
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 159 | Peer command group: The following table shows the commands of the i
Chapter 4 Configuration via the Command Line Interface | E-DOC-CTC-20051017-0169 v0.1 | page 160 | Show command group: The following table shows the commands of the i
Chapter 5 Troubleshooting SpeedTouch™ IPSec | E-DOC-CTC-20051017-0169 v0.1 | page 161 | 5 Troubleshooting SpeedTouch™ IPSec. Introduction: IPSec is a complex protocol s
Chapter 5 Troubleshooting SpeedTouch™ IPSec | E-DOC-CTC-20051017-0169 v0.1 | page 162 | 5.1 Via the Debug Web pages. How to see the status of the VPN connection: Browse t
Chapter 5 Troubleshooting SpeedTouch™ IPSec | E-DOC-CTC-20051017-0169 v0.1 | page 163 | How to monitor the IPSec negotiations: Proceed as follows: 1 Browse to Expert mod
Chapter 5 Troubleshooting SpeedTouch™ IPSec | E-DOC-CTC-20051017-0169 v0.1 | page 164 | How to see the amount of traffic carried by a VPN connection: Browse to Expert mo
Chapter 5 Troubleshooting SpeedTouch™ IPSec | E-DOC-CTC-20051017-0169 v0.1 | page 165 | 5.2 Via the CLI: Show command group. Show command group: You can check whether
Chapter 5 Troubleshooting SpeedTouch™ IPSec | E-DOC-CTC-20051017-0169 v0.1 | page 166 | ... IPSecGlobalStats ---------------- IPSecGlobalActiveTunnels : 0 IPSecGlob
Chapter 5 Troubleshooting SpeedTouch™ IPSec | E-DOC-CTC-20051017-0169 v0.1 | page 167 | 5.3 Via the CLI: Debug command group. Traceconfig command: The traceconfig comm
Chapter 2 SpeedTouch™ IPSec terminology | E-DOC-CTC-20051017-0169 v1.0 | page 15 | 2 SpeedTouch™ IPSec terminology. Introduction: In order to understand the IPSec confi
Chapter 5 Troubleshooting SpeedTouch™ IPSec | E-DOC-CTC-20051017-0169 v0.1 | page 168 | Via Syslog messages: The Syslog protocol is a powerful mechanism to investigat
Chapter 5 Troubleshooting SpeedTouch™ IPSec | E-DOC-CTC-20051017-0169 v0.1 | page 169 | Syslog messages: The following table shows the syslog messages. Severity Conten
Chapter 5 Troubleshooting SpeedTouch™ IPSec | E-DOC-CTC-20051017-0169 v0.1 | page 170 | 5.4 Via SNMP. Debugging via SNMP: On the SpeedTouch™, several SNMP MIBs are avail
Chapter 5 Troubleshooting SpeedTouch™ IPSec | E-DOC-CTC-20051017-0169 v0.1 | page 171 | 5.5 Pinging from the SpeedTouch™ to the remote private network. Ping command: In
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 173 | 6 Advanced Features. In this section: The following topics are described in this section: Topic P
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 174 | 6.1 IPSec and the Stateful Inspection Firewall. What about ...: The SpeedTouch™ has a built-in f
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 175 | 6.2 Surfing through the VPN tunnel. Web Browsing Interception and surfing through a tunnel: One of
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 176 | 6.3 Extended Authentication (XAuth). What is ...: Extended Authentication, commonly referred to
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 177 | 6.4 VPN Client. Introduction: The SpeedTouch™ can be configured as a VPN client. SpeedTouch™. In
Chapter 2 SpeedTouch™ IPSec terminology | E-DOC-CTC-20051017-0169 v1.0 | page 16 | 2.1 Policy. What is ...: Security is all about traffic policies and these can be conf
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 178 | 6.4.1 VPN Client parameters. Parameters table: The following table shows the VPN Client paramete
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 179 | 6.4.2 Create a new vpnclient. add command: A new vpnclient is created with the ipsec peer vpncli
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 180 | 6.4.3 Set or modify the vpnclient parameters. modify command: The ipsec peer vpnclient modify c
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 181 | 6.4.4 Attach the vpnclient entity to the peer entity. modify the peer parameters: The :ipsec peer
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 182 | 6.5 VPN Server. Introduction: In the previous section the SpeedTouch™ was used as a VPN client.
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 183 | 6.5.1 VPN Server parameters. Parameters table: The following table shows the VPN Server paramete
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 184 | Push IP address [push_ip]: The VPN server will always provide an IP address to the remote VPN cl
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 185 | 6.5.2 Create a new VPN server. add command: A new VPN server is created with the ipsec peer vpns
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 186 | 6.5.3 Set or modify the vpnserver parameters. modify command: The ipsec peer vpnserver modify c
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 187 | 6.5.4 Attach the vpnserver entity to the peer entity. modify the peer parameters: The :ipsec peer
Chapter 2 SpeedTouch™ IPSec terminology | E-DOC-CTC-20051017-0169 v1.0 | page 17 | 2.2 Security Descriptor. What is ...: All security parameters required to establish a
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 188 | 6.6 XAuth Users Pool. Introduction: In the previous section the application of the SpeedTouch™ a
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 189 | 6.6.1 XAuth Pool parameters. Parameters table: The following table shows the XAuth Pool paramete
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 190 | 6.6.2 Create a new XAuth pool. add command: A new XAuth pool is created with the ipsec peer vpns
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 191 | 6.6.3 Modify the xauthpool type. modify command: With the ipsec peer vpnserver xauthpool modify
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 192 | 6.6.4 Attach the xauthpool entity to the vpnserver entity. modify the vpnserver parameters: The :i
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 193 | 6.6.5 Delete an xauthpool entity. delete command: The ipsec peer vpnserver xauthpool delete com
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 194 | 6.6.6 XAuth User parameters. Parameters table: The following table shows the XAuth User paramete
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 195 | 6.6.7 Create a new XAuth user. adduser command: A new XAuth user is created with the ipsec peer
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 196 | 6.6.8 Set or modify the password of an XAuth user. moduser command: The ipsec peer vpnserver xau
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 197 | 6.6.9 Delete an xauthuser entity. delete command: The ipsec peer vpnserver xauthpool deluser co
Chapter 2 SpeedTouch™ IPSec terminology | E-DOC-CTC-20051017-0169 v1.0 | page 18 | 2.3 Authentication Attribute. What is ...: Two main methods for authentication are su
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 198 | 6.7 The Default Peer Concept. Why the default peer concept: Consider the network configuration sho
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 199 | Example IPSec connection, applying the default peer concept: SpeedTouch™ [1] IPSec peer configura
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 200 | 6.8 One Peer - Multiple Connections. Multiple tunnels: In order to setup a Phase 2 tunnel, a Pha
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 201 | 6.9 Peer Options. Options list: The peer options alter the behaviour of the VPN network. Options
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 202 | Dead Peer Detection: The SpeedTouch™ supports the Dead Peer Detection protocol. By default, t
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 203 | 6.9.1 List all Peer Options lists. list command: The ipsec peer options list command shows all p
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 204 | 6.9.2 Create a Peer Options list. add command: The ipsec peer options add command allows adding
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 205 | 6.9.3 Set or modify the Peer Option list parameters. modify command: The ipsec peer options mod
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 206 | 6.9.4 Delete a Peer Options list. delete command: The ipsec peer options delete command deletes
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 207 | 6.10 Connection Options. Options list: The connection options alter the behaviour of the VPN net
Chapter 2 SpeedTouch™ IPSec terminology | E-DOC-CTC-20051017-0169 v1.0 | page 19 | 2.4 Peer (Phase 1). What is ...: The Peer is a term that refers to the remote Securit
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 208 | Don’t Fragment bit [force_df]: IPSec encryption increases the packet length. When the MTU of a l
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 209 | 6.10.1 List all Connection Options lists. list command: The ipsec connection options list comma
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 210 | 6.10.2 Create a Connection Options list. add command: The ipsec connection options add command
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 211 | 6.10.3 Set or modify the Connection Option list parameters. modify command: The ipsec connectio
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 212 | 6.10.4 Delete an Options list. delete command: The ipsec connection options delete command dele
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 213 | 6.11 Advanced Connection. Introduction: The Advanced command group is a sub-group of the Connect
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 214 | Local network [localnetwork]: This parameter is used in the proposal presented to the remote Sec
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 215 | Local match [localmatch]: This setting is relevant in responder mode only. It is optionally fil
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 216 | Remote match [remotematch]: This setting is relevant in responder mode only. It is optionally f
Chapter 6 Advanced Features | E-DOC-CTC-20051017-0169 v0.1 | page 217 | Local selector [localselector]: The local selector expresses a static IPSec policy for access t
Chapter 2 SpeedTouch™ IPSec terminology | E-DOC-CTC-20051017-0169 v1.0 | page 20 | 2.5 Connection (Phase 2). What is ...: Bundles all the parameters required for the Ph
Need more help? Additional help is available online at www.speedtouch.com © THOMSON 2006. All rights reserved. E-DOC-CTC-20051017-0169 v1.0.
Chapter 2 SpeedTouch™ IPSec terminology | E-DOC-CTC-20051017-0169 v1.0 | page 21 | 2.6 Network descriptor. What is ...: The concept of Network Descriptors is introduced
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 23 | 3 Configuration via Local Pages. Prerequisites: In order to use the VPN features in t
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 24 | In this section: The following topics are discussed in this section: Topic Page 3.1 L
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 25 | 3.1 LAN to LAN Application. Reference network: A simple LAN-to-LAN network configurat
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 26 | Selecting the LAN to LAN application: In Expert Mode, click VPN > LAN to LAN. As a
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 27 | 3.1.1 Remote Gateway Address Known Page. VPN context: You know the location of the Re
SpeedTouch™608(WL)/620 IPSec Configuration Guide
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 28 | Buttons: You can use one of the following buttons: Remote Gateway: The Remote Gateway
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 29 | Miscellaneous: Comprises the following settings: Primary Untrusted Physical Interf
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 30 | IKE Security Descriptors: The IKE Security Descriptor bundles the security parameters
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 31 | Page layout for pre-shared key authentication: When you click Use Preshared Key Authe
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 32 | IKE Authentication with Preshared Key: When you select Use Preshared Key Authenticati
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 33 | Example of a completed page: The illustration below shows a completed page. The data
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 34 | Buttons: You can use one of the following buttons: Click ... To ... Stop All Connecti
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 35 | 3.1.2 Remote Gateway Address Unknown Page. VPN context: Your SpeedTouch™ may have to
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 36 | Aggressive Mode versus Main Mode: IKE specifies two modes of operation for the Phase
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 37 | Miscellaneous: Comprises the following settings: Primary Untrusted Physical Interf
Copyright: Copyright ©1999-2006 THOMSON. All rights reserved. Distribution and copying of this document, use and communication of its contents is not pe
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 38 | IKE Security Descriptors: The IKE Security Descriptor bundles the security parameters
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 39 | Page layout for pre-shared key authentication: When you click Use Preshared Key Authe
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 40 | IKE Authentication with Preshared Key: When you select Use Preshared Key Authenticati
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 41 | Main Mode initial page: When you click Main Mode, the following page is displayed: B
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 42 | Page layout with additional Descriptors: When you click Specify Additional Descriptor
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 43 | Page layout for certificate authentication: When you click Use Certificate Authenticat
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 44 | Identification & Interface: The Identification & Interface fields have to be
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 45 | Example of a completed page: The illustration below shows a completed page. The data
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 46 | Buttons: You can use one of the following buttons: Click ... To ... Stop All Connecti
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 47 | 3.1.3 Connections Page. Page layout: When you click New Connection to this Gateway, t
Contents | E-DOC-CTC-20051017-0169 v0.1 | page 3 | Contents. About this IPSec Configuration Guide ... 9; 1 IPSec: Concept for secure IP connections
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 48 | Trusted Network: The Local and Remote Trusted Network parameters describe which ter
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 49 | Port: If the tcp or udp protocol is selected for the protocol parameter, then the a
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 50 | Starting and stopping a connection: A VPN connection is started automatically when d
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 51 | 3.2 VPN Client. VPN context: For a VPN client-server scenario a dedicated set of user
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 52 | 3.2.1 VPN Client Page. Initial page: When you click VPN > VPN Client, the followin
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 53 | Server IP Address or FQDN: Fill out the publicly known network location of the remote
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 54 | IPSec Security Descriptor: The IPSec Security Descriptor bundles the security paramet
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 55 | Primary Untrusted Physical Interface: This field shows a list of your SpeedTouch™ int
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 56 | Page layout for pre-shared key authentication: When you click Use Preshared Key Authe
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 57 | Starting and stopping a VPN client connection: Two start mechanisms are defined: Ma
Contents | E-DOC-CTC-20051017-0169 v0.1 | page 4 | 3.3 VPN Server ... 63; 3.3.1 VPN Ser
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 58 | Local LAN IP Range: In this field you have to configure the local access policy. In
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 59 | 3.2.2 Starting the VPN Client Connection. Method 1: Automatic Start: In section “ Start
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 60 | Dialling in: 1 Select the VPN server from the table and click Dial-In at the bottom
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 61 | Client Identification: When for the IKE Authentication method the Preshared Key met
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 62 | 3.2.3 Closing a Connection. Disconnect procedure: At the bottom of the VPN Client Con
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 63 | 3.3 VPN Server. VPN context: In a VPN client-server scenario, the VPN server is alway
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 64 | 3.3.1 VPN Server Page. Initial page: When you click VPN > VPN Server, the followin
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 65 | Buttons: You can use one of the following buttons: Local Trusted Network: The Local T
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 66 | Page layout with additional Networks: Clicking Specify Additional Networks allows you
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 67 | Page layout with additional Descriptors: When you click Specify Additional Descriptor
Contents | E-DOC-CTC-20051017-0169 v0.1 | page 5 | 4.4 Peer ... 118; 4.4.1 Pe
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 68 | Miscellaneous: Comprises the following settings: IKE Exchange Mode: IKE specifies t
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 69 | VPN Server settings: Comprises the following settings: Virtual IP Range: Specifies
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 70 | Page layout for pre-shared key authentication: When you click Use Preshared Key Authe
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 71 | Remote ID (Filter) Type and Remote ID Filter: The Remote ID Filter identifies the
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 72 | Authorized Users List: When you selected the use of XAuth (either generic or chap)
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 73 | 3.4 Certificates. Introduction: The Certificates Navigation tab gives access to four
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 74 | CEP page: This page allows configuring the Certificates Enrollment Protocol setting
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 75 | 3.5 Advanced VPN Menu. When to use: The Advanced VPN menu gives access to two main p
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 76 | Peer Profiles page: When you click VPN > Advanced > Peers, the Peer Profiles
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 77 | Connection Profiles page: When you click VPN > Advanced > Connections, the Conn
Contents | E-DOC-CTC-20051017-0169 v0.1 | page 6 | 5.3 Via the CLI: Debug command group ... 167; 5.4 Via SNMP ...
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 78 | 3.5.1 Peer Profiles Page. Peer Profiles page layout: The Peer Profiles page bundles all
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 79 | Local ID: The Local ID identifies the local SpeedTouch™ during the Phase 1 negotiat
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 80 | Primary Untrusted Physical Interface: This field shows a list of your SpeedTouch™ int
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 81 | Peer Options: This optional parameter refers to the symbolic name of a peer options
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 82 | 3.5.2 Authentication Page. Authentication page layout: The Authentication page allows y
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 83 | 3.5.3 Peer Descriptors Page. Descriptors page layout: A Peer Security Descriptor contai
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 84 | Crypto: The table below shows the encryption algorithms supported by the SpeedTouch
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 85 | 3.5.4 Peer Options Page. Options page layout: The Options page allows you to define Opt
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 86 | 3.5.5 VPN-Client Page. VPN-Client page layout: The VPN-Client page allows you to define
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 87 | Type: The Type parameter determines which Virtual IP Address Mapping type is select
Contents | E-DOC-CTC-20051017-0169 v0.1 | page 7 | 6.9 Peer Options ... 201; 6.9.1 List all
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 88 | 3.5.6 VPN-Server Page. VPN-Server page layout: The VPN-Server page allows you to define
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 89 | Secondary DNS: The IP address of the secondary DNS server, provided to the VPN clie
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 90 | 3.5.7 VPN-Server-XAuth Page. VPN-Server-XAuth page layout: The VPN-Server-XAuth page al
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 91 | 3.5.8 Connection Profiles Page. Connection Profiles page layout: The Connection Profile
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 92 | Local network: This parameter is used in the proposal presented to the remote Secur
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 93 | Connection Options: This optional parameter refers to the symbolic name of a connec
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 94 | 3.5.9 Networks Page. Networks page layout: The Networks page allows you to define Netwo
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 95 | Protocol: Optionally, the access to an IPSec connection can be restricted to a spec
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 96 | 3.5.10 Connection Descriptors Page. Descriptors page layout: A Connection Security Desc
Chapter 3 Configuration via Local Pages | E-DOC-CTC-20051017-0169 v0.1 | page 97 | Parameter table: The following table summarizes the parameters comprised in the con