SIP User's Manual, 12. Security
Version 5.0, December 2006
12.1.3.3 IPSec and IKE Configuration Table’s Confidentiality
Since the pre-shared key parameter of the IKE table must remain undisclosed, measures
are taken by the ini file, Embedded Web Server and SNMP agent to maintain this
parameter’s confidentiality. On the Embedded Web Server a list of asterisks is displayed
instead of the pre-shared key. On SNMP, the pre-shared key parameter is a write-only
parameter and cannot be read. In the ini file, the following measures to assure the secrecy
of the IPSec and IKE tables are taken:
• Hidden IPSec and IKE tables – When the ini file is uploaded from the gateway, the
IPSec and IKE tables are not included in it. Instead, the notifications (shown in
Figure 12-6) are displayed.
Figure 12-6: Example of an ini File Notification of Missing Tables
;
; *** TABLE IPSEC_IKEDB_TABLE ***
; This table contains hidden elements and will not be exposed.
; This table exists on board and will be saved during restarts
;
;
; *** TABLE IPSEC_SPD_TABLE ***
; This table contains hidden elements and will not be exposed.
; This table exists on board and will be saved during restarts
;
• Preserving the values of the parameters in the IPSec and IKE tables from one ini file
loading to the next – The values configured for the parameters in the IPSec tables in
the ini file are preserved from one loading to another. If a newly loaded ini file doesn't
define IPSec tables, the previously loaded tables remain valid. To invalidate a
previously loaded ini file's IPSec tables, load a new ini file with an empty IPSec table
(shown in Figure 12-7).
Figure 12-7: Empty IPSec / IKE Tables
[IPSec_IKEDB_Table]
[\IPSec_IKEDB_Table]
[IPSEC_SPD_TABLE]
[\IPSEC_SPD_TABLE]
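The following pre-load check is an added example, not part of the original manual or the gateway software. It reads an ini file and reports, for each of the two tables named above, whether loading the file would leave the previously loaded table valid or invalidate it. The function name, the state labels and the case-insensitive matching of table names are assumptions of this example.

```python
import re

# Table names as printed on the page. Matching them case-insensitively is an
# assumption of this example; the gateway's own parser is not shown.
TABLES = ("IPSEC_IKEDB_TABLE", "IPSEC_SPD_TABLE")
OPEN = re.compile(r"^\[\s*(\w+)\s*\]$")
CLOSE = re.compile(r"^\[\s*\\(\w+)\s*\]$")
NOTICE = re.compile(r"^;\s*\*\*\*\s*TABLE\s+(\w+)\s*\*\*\*")

# What the page says happens to the previously loaded table in each case.
EFFECT = {
    "absent": "not defined in file: previously loaded table remains valid",
    "hidden-notice": "notice only: previously loaded table remains valid",
    "empty": "empty table: previously loaded table is invalidated",
    "populated": "file defines the table",
}

def classify_tables(ini_text):
    """Map each IPSec/IKE table to absent, hidden-notice, empty or populated."""
    state = dict.fromkeys(TABLES, "absent")
    current = None  # tracked table whose section is open, if any
    for line in (raw.strip() for raw in ini_text.splitlines()):
        notice = NOTICE.match(line)
        if notice and notice.group(1).upper() in state:
            name = notice.group(1).upper()
            if state[name] == "absent":
                state[name] = "hidden-notice"
        elif not line or line.startswith(";"):
            continue  # blank line or ordinary comment
        elif CLOSE.match(line):
            current = None
        elif OPEN.match(line):
            name = OPEN.match(line).group(1).upper()
            current = name if name in state else None
            if current and state[current] != "populated":
                state[current] = "empty"
        elif current:
            state[current] = "populated"  # any row inside an open table
    return state

# Constructed sample: the Figure 12-7 empty table for IKE only, SPD omitted.
SAMPLE = "[IPSec_IKEDB_Table]\n[\\IPSec_IKEDB_Table]\n"

if __name__ == "__main__":
    for table, st in classify_tables(SAMPLE).items():
        print(f"{table}: {st} -> {EFFECT[st]}")
```

A file uploaded from the gateway classifies as hidden-notice for both tables, so reloading it does not clear the IPSec and IKE tables already on the device.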