Version 5.8, September 2009
SIP User's Manual 3. Web-Based Management
Parameter Name Description
Protocol
[IPSecPolicyProtocol]
Defines the protocol type to which the
IPSec mechanism is applied.
0 = Any protocol (default).
17 = UDP.
6 = TCP.
Any other protocol type defined by
IANA (Internet Assigned Numbers
Authority).
Related Key Exchange Method Index
[IPsecPolicyKeyExchangeMethodIndex]
Determines the index for the corresponding IKE entry.
Note that several policies can be associated with a
single IKE entry.
The valid range is 0 to 19. The default value is 0.
IKE Second Phase Parameters (Quick Mode)
SA Lifetime (sec)
[IPSecPolicyLifeInSec]
Determines the time (in seconds) that the SA negotiated
in the second IKE session (quick mode) is valid. After
the time expires, the SA is re-negotiated.
The default value is 28,800 (i.e., 8 hours).
SA Lifetime (KB)
[IPSecPolicyLifeInKB]
Determines the lifetime (in kilobytes) that the SA
negotiated in the second IKE session (quick mode) is
valid. After this size is reached, the SA is re-negotiated.
The default value is 0 (i.e., this parameter is ignored).
These lifetime parameters (SA Lifetime (sec) and SA Lifetime (KB)) determine the duration for which
an SA is valid. When the lifetime of the SA expires, it is automatically renewed by performing the IKE
second phase negotiations. To avoid a situation where the SA expires, a new SA is negotiated
while the old one is still valid. As soon as the new SA is created, it replaces the old one. This
procedure occurs whenever an SA is about to expire.
First to Fourth Proposal Encryption Type
[IPSecPolicyProposalEncryption_X]
Determines the encryption type used in the quick mode
negotiation for up to four proposals. For the ini file
parameter, X depicts the proposal number (0 to 3).
The valid encryption values are:
[0] None = No encryption
[1] DES-CBC
[2] Triple DES-CBC
[3] AES-CBC
Not Defined (default)
First to Fourth Proposal Authentication Type
[IPSecPolicyProposalAuthentication_X]
Determines the authentication protocol used in the quick
mode negotiation for up to four proposals. For the ini file
parameter, X depicts the proposal number (0 to 3).
The valid authentication values are:
[2] HMAC-SHA-1-96
[4] HMAC-MD5-96
Not Defined (default)
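The following is an added example, not part of the manual or the vendor's software: a small auditor that checks one IPSec policy's ini parameters against the ranges and value lists in the table above and flags quick mode proposals that offer weak algorithms. It assumes a flat "Name = value" line syntax with ";" comments and one policy per file, matches names case-insensitively, and treats no encryption, DES-CBC and HMAC-MD5-96 as weak, which is the reviewer's judgement rather than a statement from the manual.

```python
import re

# Value tables copied from the parameter descriptions above.
ENCRYPTION = {0: "None", 1: "DES-CBC", 2: "Triple DES-CBC", 3: "AES-CBC"}
AUTHENTICATION = {2: "HMAC-SHA-1-96", 4: "HMAC-MD5-96"}
# Reviewer's choice, not from the manual: algorithms to flag as weak.
WEAK = {"Encryption": {0, 1}, "Authentication": {4}}
# Assumed line syntax: "Name = integer" with an optional ";" comment.
LINE = re.compile(r"^\s*(\w+)\s*=\s*(-?\d+)\s*(?:;.*)?$")

def parse(text):
    """Map lower-cased parameter names to integer values."""
    params = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            params[m.group(1).lower()] = int(m.group(2))
    return params

def audit(text):
    """Return findings for one IPSec policy, in parameter order."""
    p, findings = parse(text), []
    proto = p.get("ipsecpolicyprotocol", 0)      # default 0 = any protocol
    if not 0 <= proto <= 255:                    # IANA protocol numbers are 8-bit
        findings.append(f"protocol {proto} is not an IANA protocol number")
    idx = p.get("ipsecpolicykeyexchangemethodindex", 0)
    if not 0 <= idx <= 19:
        findings.append(f"IKE index {idx} outside valid range 0 to 19")
    for n in range(4):                           # proposals X = 0 to 3
        for kind, table in (("Encryption", ENCRYPTION),
                            ("Authentication", AUTHENTICATION)):
            value = p.get(f"ipsecpolicyproposal{kind.lower()}_{n}")
            if value is None:                    # "Not Defined" (default)
                continue
            if value not in table:
                findings.append(f"proposal {n}: {kind.lower()} value {value} is not listed")
            elif value in WEAK[kind]:
                findings.append(f"proposal {n}: weak {kind.lower()} {table[value]}")
    return findings

# Constructed sample policy, not taken from the manual.
SAMPLE = """\
; constructed sample
IPSecPolicyProtocol = 17
IPsecPolicyKeyExchangeMethodIndex = 20
IPSecPolicyLifeInSec = 28800
IPSecPolicyProposalEncryption_0 = 3
IPSecPolicyProposalAuthentication_0 = 2
IPSecPolicyProposalEncryption_1 = 1
IPSecPolicyProposalAuthentication_1 = 4
IPSecPolicyProposalEncryption_2 = 7
"""
```

Calling audit(SAMPLE) returns one finding for the out-of-range IKE index, two for proposal 1 and one for the unlisted encryption value in proposal 2.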