User`s manual
Table Of Contents
- Mediant 2000 & TP-1610 & TP-260/UNI SIP User’s Manual Version 5.0
- Table of Contents
- List of Figures
- List of Tables
- Notices
- 1. Overview
- 2. Physical Description
- 3. Installation
- 4. Getting Started
- 5. Web Management
- Computer Requirements
- Protection and Security Mechanisms
- Accessing the Embedded Web Server
- Getting Acquainted with the Web Interface
- Protocol Management
- Advanced Configuration
- Status & Diagnostic
- Software Update Menu
- Maintenance
- Logging Off the Embedded Web Server
- 6. Gateway's ini File Configuration
- Secured ini File
- Modifying an ini File
- The ini File Content
- The ini File Structure
- The ini File Example
- Networking Parameters
- System Parameters
- Web and Telnet Parameters
- Security Parameters
- RADIUS Parameters
- SNMP Parameters
- SIP Configuration Parameters
- Voice Mail Parameters
- ISDN and CAS Interworking-Related Parameters
- Number Manipulation and Routing Parameters
- E1/T1 Configuration Parameters
- Channel Parameters
- Configuration Files Parameters
- 7. Using BootP / DHCP
- 8. Telephony Capabilities
- Working with Supplementary Services
- Configuring the DTMF Transport Types
- Fax & Modem Transport Modes
- Event Notification using X-Detect Header
- ThroughPacket™
- Dynamic Jitter Buffer Operation
- Configuring the Gateway’s Alternative Routing (based on Conn
- Call Detail Report
- Supported RADIUS Attributes
- Trunk to Trunk Routing Example
- Proxy or Registrar Registration Example
- SIP Call Flow Example
- SIP Authentication Example
- 9. Networking Capabilities
- 10. Advanced PSTN Configuration
- 11. Advanced System Capabilities
- 12. Special Applications
- 13. Security
- 14. Diagnostics
- 15. SNMP-Based Management
- SNMP Standards and Objects
- Carrier Grade Alarm System
- Cold Start Trap
- Third-Party Performance Monitoring Measurements
- TrunkPack-VoP Series Supported MIBs
- Traps
- SNMP Interface Details
- SNMP Manager Backward Compatibility
- Dual Module Interface
- SNMP NAT Traversal
- SNMP Administrative State Control
- AudioCodes’ Element Management System
- 16. Configuration Files
- Appendix A. Selected Technical Specifications
- Appendix B. Supplied SIP Software Kit
- Appendix C. SIP Compliance Tables
- Appendix D. The BootP/TFTP Configuration Utility
- Appendix E. RTP/RTCP Payload Types and Port Allocation
- Appendix F. RTP Control Protocol Extended Reports (RTCP-XR)
- Appendix G. Accessory Programs and Tools
- Appendix H. Release Reason Mapping
- Appendix I. SNMP Traps
- Appendix J. Installation and Configuration of Apache HTTP Server
- Appendix K. Regulatory Information
SIP User's Manual 13. Security
Version 5.0 283 October 2006
IPSec specifications:
Transport mode only.
Encapsulation Security Payload (ESP) only.
Support for Cipher Block Chaining (CBC).
Supported IPSec SA encryption algorithms - DES, 3DES, and AES.
Hash types for IPSec SA are SHA1 and MD5.
13.1.3 Configuring the IPSec and IKE
To enable IPSec and IKE on the gateway set the ini file parameter ‘EnableIPSec’ to 1.
13.1.3.1 IKE Configuration
The parameters described in Table 13-1 below are used to configure the first phase (main
mode) of the IKE negotiation for a specific peer. A different set of parameters can be
configured for each of the 20 available peers.
Table 13-1: IKE Table Configuration Parameters (continues on pages 283 to 284)
Parameter Name Description
Shared Key
[IKEPolicySharedKey]
Determines the pre-shared key (in textual format).
Both peers must register the same pre-shared key for the authentication
process to succeed.
Note 1: The pre-shared key forms the basis of IPSec security and should
therefore be handled cautiously (in the same way as sensitive passwords). It is
not recommended to use the same pre-shared key for several connections.
Note 2: Since the ini file is in plain text format, loading it to the gateway over a
secure network connection is recommended, preferably over a direct crossed-
cable connection from a management PC. For added confidentiality, use the
encoded ini file option (described in Section
6.1 on page 127).
Note 3: After it is configured, the value of the pre-shared key cannot be
obtained via Web, ini file or SNMP (refer to Section
13.1.3.3 on page 289).
First to Fourth Proposal
Encryption Type
[IKEPolicyProposalEncryptio
n_X]
Determines the encryption type used in the main mode negotiation for up to
four proposals.
X stands for the proposal number (0 to 3).
The valid encryption values are:
Not Defined (default)
DES-CBC [1]
Triple DES-CBC [2]
AES [3]
First to Fourth Proposal
Authentication Type
[IKEPolicyProposalAuthentic
ation_X]
Determines the authentication protocol used in the main mode negotiation for
up to four proposals.
X stands for the proposal number (0 to 3).
The valid authentication values are:
Not Defined (default)
HMAC-SHA1-96) [2]
HMAC-MD5-96 [4]
First to Fourth Proposal DH
Group
[IKEPolicyProposalDHGroup_
X]
Determines the length of the key created by the DH protocol for up to four
proposals.
X stands for the proposal number (0 to 3).
The valid DH Group values are:
Not Defined (default)
DH-786-Bit [0]
DH-1024-Bit [1]