User's manual

SIP User's Manual 12. Security
Version 5.0 285 December 2006
Table 12-3: SPD Table Configuration Parameters (continues on pages 284 to 285)

Parameter Name: First to Fourth Proposal Encryption Type [IPSecPolicyProposalEncryption_X]
Description: Determines the encryption type used in the quick mode negotiation for up to four proposals.
X stands for the proposal number (0 to 3).
The valid encryption values are:
  Not Defined (default)
  None [0] = No encryption
  DES-CBC [1]
  Triple DES-CBC [2]
  AES [3]

Parameter Name: First to Fourth Proposal Authentication Type [IPSecPolicyProposalAuthentication_X]
Description: Determines the authentication protocol used in the quick mode negotiation for up to four proposals.
X stands for the proposal number (0 to 3).
The valid authentication values are:
  Not Defined (default)
  HMAC-SHA-1-96 [2]
  HMAC-MD5-96 [4]

If no IPSec methods are defined (Encryption / Authentication), the default settings (shown
in Table 12-4 below) are applied.
Table 12-4: Default IKE Second Phase Proposals

              Encryption    Authentication
Proposal 0    3DES          SHA1
Proposal 1    3DES          MD5
Proposal 2    DES           SHA1
Proposal 3    DES           MD5

➢ To configure the SPD table using the ini file:
The SPD table is configured using ini file tables (described in Section 10.5 on page 267). Each
line in the table refers to a different IP destination.
The Format line (SPD_INDEX in the example below) specifies the order in which the actual
data lines are written. The order of the parameters is irrelevant. Parameters are not
mandatory unless stated otherwise. To support more than one Encryption / Authentication
proposal, specify the relevant parameters for each proposal in the Format line. Note that
the proposal list must be contiguous.
Figure 12-4: Example of an SPD Table
[ IPSEC_SPD_TABLE ]
Format SPD_INDEX = IPSecPolicyRemoteIPAddress, IpsecPolicySrcPort,
IPSecPolicyDStPort, IPSecPolicyProtocol, IPSecPolicyLifeInSec,
IPSecPolicyProposalEncryption_0, IPSecPolicyProposalAuthentication_0,
IPSecPolicyProposalEncryption_1, IPSecPolicyProposalAuthentication_1,
IPSecPolicyKeyExchangeMethodIndex, IPSecPolicyLocalIPAddressType;
IPSEC_SPD_TABLE 0 = 10.11.2.21, 0, 0, 17, 900, 1, 2, 2, 2, 1, 0;
[ \IPSEC_SPD_TABLE ]
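
The following is an added example, not part of the original manual or the vendor's tooling: a small Python audit script that reads an SPD table in the ini format above, decodes each proposal with the Table 12-3 value codes, applies the Table 12-4 defaults when no proposal is defined, and checks that the proposal list is contiguous. The function names, the WEAK policy set and the mapping of the Table 12-4 names onto Table 12-3 codes are assumptions of this example.

```python
# Codes from Table 12-3. WEAK is this example's audit policy (an assumption, not from the manual).
ENCRYPTION = {0: "None", 1: "DES-CBC", 2: "Triple DES-CBC", 3: "AES"}
AUTHENTICATION = {2: "HMAC-SHA-1-96", 4: "HMAC-MD5-96"}
WEAK = {"None", "DES-CBC", "HMAC-MD5-96"}
DEFAULTS = [("2", "2"), ("2", "4"), ("1", "2"), ("1", "4")]  # Table 12-4 as (enc, auth) codes
# Constructed sample input: the table from Figure 12-4.
SAMPLE = """[ IPSEC_SPD_TABLE ]
Format SPD_INDEX = IPSecPolicyRemoteIPAddress, IpsecPolicySrcPort,
IPSecPolicyDStPort,IPSecPolicyProtocol, IPSecPolicyLifeInSec,
IPSecPolicyProposalEncryption_0, IPSecPolicyProposalAuthentication_0,
IPSecPolicyProposalEncryption_1, IPSecPolicyProposalAuthentication_1,
IPSecPolicyKeyExchangeMethodIndex, IPSecPolicyLocalIPAddressType;
IPSEC_SPD_TABLE 0 = 10.11.2.21, 0, 0, 17, 900, 1,2, 2,2 ,1, 0;
[ \\IPSEC_SPD_TABLE ]"""

def parse_spd(text):
    """Return {index: {parameter: value}} for every data line in the table."""
    body = "\n".join(l for l in text.splitlines() if not l.strip().startswith("["))
    fields, rows = [], {}
    for stmt in filter(None, (s.strip() for s in body.split(";"))):
        left, right = stmt.split("=", 1)
        values = [v.strip() for v in right.split(",")]
        if left.split()[0] == "Format":
            fields = values  # the Format line names the columns of the data lines
        elif len(values) != len(fields):
            raise ValueError(f"{left.strip()}: {len(values)} values for {len(fields)} columns")
        else:
            rows[int(left.split()[1])] = dict(zip(fields, values))
    return rows

def decode(table, code):
    return table.get(int(code), f"unknown [{code}]") if code else "Not Defined"

def audit(row):
    """Return (proposals, findings) for one SPD row, proposals 0 to 3."""
    pairs = [(row.get(f"IPSecPolicyProposalEncryption_{n}"),
              row.get(f"IPSecPolicyProposalAuthentication_{n}")) for n in range(4)]
    proposals, findings = [], []
    if not any(e or a for e, a in pairs):
        pairs = DEFAULTS  # nothing defined, so the default proposals are negotiated
        findings.append("no proposals defined: Table 12-4 defaults apply")
    defined = [n for n, (e, a) in enumerate(pairs) if e or a]
    if defined != list(range(len(defined))):
        findings.append("proposal list is not contiguous")
    for n in defined:
        names = (decode(ENCRYPTION, pairs[n][0]), decode(AUTHENTICATION, pairs[n][1]))
        proposals.append(names)
        findings += [f"proposal {n}: {x}" for x in names if x in WEAK]
    return proposals, findings
```

For the Figure 12-4 row, `audit(parse_spd(SAMPLE)[0])` reports proposal 0 as DES-CBC with HMAC-SHA-1-96 and flags the DES-CBC entry under the example's policy.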