Version 7.0 189 Mediant 3000
User's Manual 14. Security
This table can also be used to enable Dead Peer Detection (RFC 3706), whereby the
device queries the liveness of its IKE peer at regular intervals or on-demand. When two
peers communicate with IKE and IPSec, connectivity between the two may go down
unexpectedly. In such cases, there is often no way for IKE and IPSec to identify the
loss of peer connectivity. As a result, the Security Associations (SAs) remain active
until their lifetimes naturally expire, resulting in a "black hole" situation where
both peers discard all incoming network traffic. This situation may be resolved by
performing periodic message exchanges between the peers. When no reply is received,
the sender assumes that the SAs are no longer valid on the remote peer and attempts to
renegotiate.
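The liveness check described above can be modeled as a small state machine. The following is an added example, not AudioCodes code and not part of the original manual: the timer values, the class and function names, and the choice to resend an unanswered probe with the same sequence number are assumptions made for this sketch. Only the R-U-THERE / R-U-THERE-ACK notify types come from RFC 3706.

```python
# Added sketch of RFC 3706 Dead Peer Detection; names and timers are assumptions.
from dataclasses import dataclass, field
from typing import Optional
R_U_THERE, R_U_THERE_ACK = 36136, 36137  # IKE Notify types defined by RFC 3706

@dataclass
class DpdMonitor:
    idle_interval: int = 10   # assumed: seconds of silence before probing
    retry_interval: int = 2   # assumed: seconds between unanswered probes
    max_probes: int = 3       # assumed: unanswered probes before giving up
    seq: int = 1000           # constructed start value so runs are repeatable
    last_heard: int = 0
    last_probe: int = 0
    pending: Optional[int] = None  # sequence number still awaiting an ACK
    probes: int = 0
    state: str = "ALIVE"
    sent: list = field(default_factory=list)
    def on_traffic(self, now):  # any authenticated peer traffic proves liveness
        self.last_heard, self.pending, self.probes = now, None, 0
    def on_ack(self, now, seq):  # accept only an ACK echoing the outstanding seq
        if self.pending is None or seq != self.pending:
            return False
        self.on_traffic(now)
        return True
    def tick(self, now):  # call once per second; returns the action taken
        if self.state == "DEAD":
            return "none"
        if self.pending is None:
            if now - self.last_heard < self.idle_interval:
                return "none"
            self.pending = self.seq = self.seq + 1
        elif now - self.last_probe < self.retry_interval:
            return "none"
        elif self.probes >= self.max_probes:
            self.state = "DEAD"  # stale SAs are deleted, then IKE renegotiates
            return "delete_sas_and_renegotiate"
        self.probes, self.last_probe = self.probes + 1, now
        self.sent.append((now, R_U_THERE, self.pending))
        return "send_r_u_there"

def simulate(peer_dies_at, duration=60):
    m = DpdMonitor()
    for now in range(duration):
        action = m.tick(now)
        if action == "send_r_u_there" and now < peer_dies_at:
            m.on_ack(now, m.pending)  # live peer echoes the sequence number
        elif action == "delete_sas_and_renegotiate":
            return now, m
    return None, m
```

With these assumed timers, a peer that disappears at second 25 is declared dead at second 36, instead of the stale SAs lingering until their configured lifetime expires.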
Notes:
• Incoming packets whose parameters match one of the entries in the IP Security
Associations table but are received without encryption are rejected.
• If you change the device's IP address on-the-fly, you must then reset the device
for IPSec to function properly.
• The proposal list must be contiguous.
• For security, once the IKE pre-shared key is configured, it is not displayed in any
of the device's management tools.
• You can also configure the IP Security Associations table using the table ini file
parameter IPsecSATable (see "Security Parameters" on page 867).
To configure the IPSec Association table:
1. Open the IP Security Associations table (Configuration tab > VoIP menu > Security
> IPSec Association Table).