Hewlett-Packard Mediant 2000 User's Manual
Download Operation & user’s manual of HP Mediant 2000 Gateway for Free or View it Online on All-Guides.com.
Brand: HP
Category: Gateway
Type: Operation & user’s manual for HP Mediant 2000
Pages: 496 (6.06 Mb)
SIP User's Manual 254 Document #: LTRT-68809
Mediant 2000
6.4.6 IPSec Parameters
The Internet Protocol security (IPSec) parameters are described in the table below.
Table 6-25: IPSec Parameters
Parameter Description
Web: Enable IP Security
EMS: IPSec Enable
IPSec Parameters
Enables or disables IPSec on the device.
[EnableIPSec]
[0]
Disable = IPSec is disabled (default).
[1] Enable = IPSec is enabled.
Note:
Web: Dead Peer
Detection Mode
EMS: DPD Mode
For this parameter to take effect, a device reset is required.
Enables the Dead Peer Detection (DPD) 'keep-alive' mechanism
(according to RFC 3706) to detect loss of peer connectivity.
[IPSecDPDMode]
[0]
Disabled (default).
[1]
Periodic = message exchanges at regular intervals.
[2]
For detailed information on DPD, refer to the
On Demand = message exchanges as needed (i.e., before sending
data to the peer). If the liveliness of the peer is questionable, the
device sends a DPD message to query the status of the peer. If the
device has no traffic to send, it never sends a DPD message.
Product Reference Manual
Web/EMS: IPSec Table
.
This
[IPSEC_SPD_TABLE]
ini
[IPSEC_SPD_TABLE]
Format SPD_INDEX = IPSec
file table parameter configures the IPSec SPD table. The format
of this parameter is as follows:
Mode, IPSecPolicyRemoteIPAddress,
IPSecPolicySrcPort, IPSecPolicyDStPort,IPSecPolicyProtocol,
IPSecPolicyLifeInSec, IPSecPolicyLifeInKB,
IPSecPolicyProposalEncryption_X,
IPSecPolicyProposalAuthentication_X,
IPSecPolicyKeyExchangeMethodIndex,
IPSecPolicyLocalIPAddressType,
IPSecPolicyRemoteTunnelIPAddress,
IPsecPolicyRemoteSubnetMask
For example:
IPSEC_SPD_TABLE 0 = 0, 10.11.2.21, 0, 0, 17, 900, 1,2, 2,2 ,1, 0;
In the example above, all packets designated to IP address 10.11.2.21
that originate from the OAMP interface (regardless of destination and
source ports) and whose protocol is UDP are encrypted. The IPSec SPD
also defines an SA lifetime of 900 seconds and two security proposals
(DES/SHA1 and 3DES/SHA1). IPsec is performed using the Transport
mode.
;
[\IPSEC_SPD_TABLE]
Each row in the table refers to a different IP destination.
Notes:
To support more than one Encryption / Authentication proposal, for
each proposal specify the relevant parameters in the Format line.
The proposal list must be contiguous.
For a detailed description of this table and to configure the table using
the Web interface, refer to ''Configuring the IPSec Table'' 90 on page .