User's Manual 142 Document #: LTRT-68822
Mediant 2000
Parameter Name Description
certificates, see 'Replacing the Device's Certificate' on page 95.
Shared Key
[IPsecSATable_SharedKey]
Defines the pre-shared key (in textual format). Both peers must use
the same pre-shared key for the authentication process to succeed.
Notes:
• This parameter is applicable only if the Authentication Method
parameter is set to pre-shared key.
• The pre-shared key forms the basis of IPSec security and
therefore, it should be handled with care (the same as sensitive
passwords). It is not recommended to use the same pre-shared
key for several connections.
• Since the ini file is plain text, loading it to the device over a secure
network connection is recommended. Use a secure transport such
as HTTPS, or a direct crossed-cable connection from a
management PC.
• After it is configured, the value of the pre-shared key cannot be
retrieved.
Source Port
[IPsecSATable_SourcePort]
Defines the source port to which this configuration applies.
The default is 0 (i.e., any port).
Destination Port
[IPsecSATable_DestPort]
Defines the destination port to which this configuration applies.
The default is 0 (i.e., any port).
Protocol
[IPsecSATable_Protocol]
Defines the protocol type to which this configuration applies. Standard
IP protocol numbers, as defined by the Internet Assigned Numbers
Authority (IANA), should be used, for example:
• 0 = Any protocol (default)
• 17 = UDP
• 6 = TCP
IKE SA Lifetime
[IPsecSATable_Phase1SaLifetimeInSec]
Defines the duration (in seconds) for which the negotiated IKE SA
(Main mode) is valid. After this time expires, the SA is re-negotiated.
The default is 0 (i.e., unlimited).
Note: Main mode negotiation is a processor-intensive operation; for
best performance, do not set this parameter to less than 28,800 (i.e.,
eight hours).
IPSec SA Lifetime (sec)
[IPsecSATable_Phase2SaLifetimeInSec]
Defines the duration (in seconds) for which the negotiated IPSec SA
(Quick mode) is valid. After this time expires, the SA is re-negotiated.
The default is 0 (i.e., unlimited).
Note: For best performance, a value of 3,600 (i.e., one hour) or more
is recommended.
IPSec SA Lifetime (Kbs)
[IPsecSATable_Phase2SaLifetimeInKB]
Defines the maximum volume of traffic (in kilobytes) for which the
negotiated IPSec SA (Quick mode) is valid. After this specified
volume is reached, the SA is re-negotiated.
The default is 0 (i.e., the value is ignored).
Dead Peer Detection Mode
[IPsecSATable_DPDmode]
Defines dead peer detection (DPD), according to RFC 3706.
• [0] DPD Disabled (default)
• [1] DPD Periodic = DPD is enabled with message exchanges at
regular intervals
• [2] DPD on demand = DPD is enabled with on-demand checks -
message exchanges as needed (i.e., before sending data to the
peer). If the liveliness of the peer is questionable, the device sends