User`s manual

ManualsBrandsAudioCodes ManualsComputer equipmentMediant 600

311

312

313

314

315

316

317

318

319

320

Version 5.4 317 May 2008

SIP User's Manual 4. ini File Configuration

ini File Parameter Description

(DES/SHA1 and 3DES/SHA1). IPsec is performed using the Transport

mode.

Notes:

 Each line in the table refers to a different IP destination.

 To support more than one Encryption / Authentication proposal, for

each proposal specify the relevant parameters in the Format line.

 The proposal list must be contiguous.

 To configure the IKE table using the Web interface, refer to ''Configuring

the IPSec Table'' on page 126.

 For an explanation on using ini file table parameters, refer to ''Structure

of ini File Table Parameters'' on page 293.

IKE Parameters

IPSec_IKEDB_Table

This ini file table parameter configures the IKE table. The format of this

parameter is as follows:

[IPSec_IKEDB_Table]

Format IKE_DB_INDEX = IKEPolicySharedKey,

IKEPolicyProposalEncryption_X, IKEPolicyProposalAuthentication_X,

IKEPolicyProposalDHGroup_X, IKEPolicyLifeInSec, IKEPolicyLifeInKB,

IkePolicyAuthenticationMethod;

[\IPSEC_IKEDB_TABLE]

Where,

 SharedKey = Pre-shared key (in textual format).

 ProposalEncryption_X = Encryption type for up to four proposals (0 to

3): [1] DES-CBC, [2] Triple DES-CBC, [3] AES-CBC.

 ProposalAuthentication_X = Authentication protocol for up to four

proposals (0 to 3): [2] HMAC-SHA1-96), [4] HMAC-MD5-96.

 ProposalDHGroup_X = Length of key created by the DH protocol for up

to four proposals (0 to 3): [0] DH-786-Bit, [1] DH-1024-Bit.

 LifeInSec = Time (in seconds) that the SA negotiated in the first IKE

session (main mode) is valid. After the time expires, the SA is re-

negotiated.

 LifeInKB = Lifetime (in kilobytes) that the SA negotiated in the first IKE

session (main mode) is valid. After this size is reached, the SA is re-

negotiated.

 AuthenticationMethod = Authentication method for IKE: [0] Pre-shared

Key (default), [1] RSA Signature.

For example:

[IPSec_IKEDB_Table]

Format IKE_DB_INDEX = IKEPolicySharedKey,

IKEPolicyProposalEncryption_0, IKEPolicypRoposalAuthentication_0,

IKEPolicyProposalDHGroup_0, IKEPolicyProposalEncryption_1,

IKEPolicyProposalAuthentication_1, IKEPolicyProposalDHGroup_1,

IKEPolicyLifeInSec, IkePolicyAuthenticationMethod;

IPSEC_IKEDB_TABLE 0 = 123456789, 1, 2, 0, 2, 2, 1, 28800, 0;

[\IPSEC_IKEDB_TABLE]

In the example above, a single IKE peer is configured and a pre-shared

key authentication is selected. Its pre-shared key is 123456789. Two

security proposals are configured: DES/SHA1/786DH and

3DES/SHA1/1024DH