User's manual

Version 5.4, page 131, May 2008
SIP User's Manual 3. Web-Based Management
If no IKE methods are defined (Encryption / Authentication / DH Group), the default settings
(shown in the following table) are applied.
Table 3-29: Default IKE First Phase Proposals

Proposal      Encryption   Authentication   DH Group
Proposal 0    3DES         SHA1             1024
Proposal 1    3DES         MD5              1024
Proposal 2    3DES         SHA1             786
Proposal 3    3DES         MD5              786

The parameters described in the following table are used to configure the first phase (main
mode) of the IKE negotiation for a specific peer. A different set of parameters can be
configured for each of the 20 available peers.

Table 3-30: IKE Table Configuration Parameters

Parameter Name / Description

Authentication Method
    Determines the authentication method for IKE.
    [0] Pre-shared Key (default)
    [1] RSA Signature
    Notes:
    - For pre-shared key authentication, peers participating in an IKE
      exchange must have prior (out-of-band) knowledge of the common
      key (see the IKEPolicySharedKey parameter).
    - For RSA signature authentication, peers must be loaded with a
      certificate signed by a common CA. For additional information on
      certificates, refer to "Server Certificate Replacement" on page 118.

Shared Key
    Determines the pre-shared key (in textual format). Both peers must
    register the same pre-shared key for the authentication process to
    succeed.
    Notes:
    - The pre-shared key forms the basis of IPSec security and should
      therefore be handled cautiously (in the same way as sensitive
      passwords). It is not recommended to use the same pre-shared key
      for several connections.
    - Since the ini file is in plain text format, loading it to the device
      over a secure network connection is recommended, preferably over a
      direct crossed-cable connection from a management PC. For added
      confidentiality, use the encoded ini file option (described in
      "Secured Encoded ini File" on page 291).
    - After it is configured, the value of the pre-shared key cannot be
      obtained via Web interface, ini file, or SNMP (refer to the Product
      Reference Manual).

IKE SA LifeTime (sec)
    Determines the time (in seconds) the SA negotiated in the first IKE
    session (main mode) is valid. After the time expires, the SA is
    re-negotiated.
    The default value is 28800 (i.e., 8 hours).
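
The fallback to the default proposals (Table 3-29) and the note against using the same pre-shared key for several connections can be checked together before a configuration is loaded. The following Python code is an added example, not code from this manual or the vendor: the dictionary layout, field names and audit thresholds (MD5, DH groups below 2048 bits) are assumptions of the example, and the sample peers are constructed.

```python
# Added example: audit IKE first-phase settings per peer. The dict layout is
# constructed for illustration; it is not the device's ini-file syntax.
from collections import defaultdict

# Table 3-29 defaults as (encryption, authentication, DH group), as printed.
DEFAULT_PROPOSALS = [("3DES", "SHA1", 1024), ("3DES", "MD5", 1024),
                     ("3DES", "SHA1", 786), ("3DES", "MD5", 786)]
MIN_DH_BITS = 2048    # assumption: audit policy threshold, not from the manual
WEAK_AUTH = {"MD5"}   # assumption: audit policy, not from the manual


def effective_proposals(peer):
    """Proposals in effect: the peer's own, or the defaults if none are defined."""
    return peer.get("proposals") or DEFAULT_PROPOSALS


def audit(peers):
    """Return a sorted list of (peer_index, finding); keys are never echoed."""
    findings = []
    by_key = defaultdict(list)
    for idx, peer in sorted(peers.items()):
        if not peer.get("proposals"):
            findings.append((idx, "no IKE methods defined: defaults apply"))
        for n, (enc, auth, dh) in enumerate(effective_proposals(peer)):
            if auth in WEAK_AUTH:
                findings.append((idx, f"proposal {n}: {auth} authentication"))
            if dh < MIN_DH_BITS:
                findings.append((idx, f"proposal {n}: DH group {dh} < {MIN_DH_BITS}"))
        # Authentication Method [0] is pre-shared key (the default).
        if peer.get("auth_method", 0) == 0 and peer.get("shared_key"):
            by_key[peer["shared_key"]].append(idx)
    for idxs in by_key.values():
        if len(idxs) > 1:   # same pre-shared key on several connections
            findings += [(i, f"pre-shared key reused by peers {idxs}") for i in idxs]
    return sorted(findings)


# Constructed sample: three of the 20 available peers, using values from Table 3-29.
SAMPLE_PEERS = {
    0: {"auth_method": 0, "shared_key": "constructed-key-A"},
    1: {"auth_method": 0, "shared_key": "constructed-key-A",
        "proposals": [("3DES", "SHA1", 1024)]},
    2: {"auth_method": 1, "proposals": [("3DES", "MD5", 1024)]},
}

if __name__ == "__main__":
    for idx, msg in audit(SAMPLE_PEERS):
        print(f"peer {idx}: {msg}")
```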