User's Manual

H.323 User's Manual 13. Security
Version 5.0 327 December 2006
Table 13-3: SPD Table Configuration Parameters

Parameter Name: First to Fourth Proposal Encryption Type
[IPSecPolicyProposalEncryption_X]
Description: Determines the encryption type used in the quick mode negotiation for up to
four proposals.
X stands for the proposal number (0 to 3).
The valid encryption values are:
  Not Defined (default)
  None [0] = No encryption
  DES-CBC [1]
  Triple DES-CBC [2]
  AES [3]

Parameter Name: First to Fourth Proposal Authentication Type
[IPSecPolicyProposalAuthentication_X]
Description: Determines the authentication protocol used in the quick mode negotiation for
up to four proposals.
X stands for the proposal number (0 to 3).
The valid authentication values are:
  Not Defined (default)
  HMAC-SHA-1-96 [2]
  HMAC-MD5-96 [4]

If no IPSec methods are defined (Encryption / Authentication), the default settings (shown
in Table 13-4 below) are applied.

Table 13-4: Default IKE Second Phase Proposals
              Encryption    Authentication
Proposal 0    3DES          SHA1
Proposal 1    3DES          MD5
Proposal 2    DES           SHA1
Proposal 3    DES           MD5

➢ To configure the SPD table using the ini file:
The SPD table is configured using ini file tables (described in Section 11.5 on page 303).
Each line in the table refers to a different IP destination.
The Format line (SPD_INDEX in the example below) specifies the order in which the actual
data lines are written. The order of the parameters is irrelevant. Parameters are not
mandatory unless stated otherwise. To support more than one Encryption / Authentication
proposal, specify the relevant parameters for each proposal in the Format line. Note that
the proposal list must be contiguous.
Figure 13-4: Example of an SPD Table
[ IPSEC_SPD_TABLE ]
Format SPD_INDEX = IPSecPolicyRemoteIPAddress, IpsecPolicySrcPort,
IPSecPolicyDStPort,IPSecPolicyProtocol, IPSecPolicyLifeInSec,
IPSecPolicyProposalEncryption_0, IPSecPolicyProposalAuthentication_0,
IPSecPolicyProposalEncryption_1, IPSecPolicyProposalAuthentication_1,
IPSecPolicyKeyExchangeMethodIndex, IPSecPolicyLocalIPAddressType;
IPSEC_SPD_TABLE 0 = 10.11.2.21, 0, 0, 17, 900, 1,2, 2,2 ,1, 0;
[ \IPSEC_SPD_TABLE ]
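
Added example, not part of the original manual or the vendor's code: a Python parser that pairs each data line of the Figure 13-4 table with its Format line, decodes the proposal values using Table 13-3, checks that the proposal list is contiguous, and flags choices a reviewer would question. The function names, the WEAK set, and the reading of "contiguous" as proposal indices 0..n-1 with no gaps are assumptions of this example.

```python
import re

# Value maps copied from Table 13-3.
ENCRYPTION = {0: "None", 1: "DES-CBC", 2: "Triple DES-CBC", 3: "AES"}
AUTHENTICATION = {2: "HMAC-SHA-1-96", 4: "HMAC-MD5-96"}
# Reviewer's judgement (assumption of this example, not stated in the manual).
WEAK = {"None", "DES-CBC", "HMAC-MD5-96"}

# Constructed sample: the table text from Figure 13-4.
SAMPLE = """\
[ IPSEC_SPD_TABLE ]
Format SPD_INDEX = IPSecPolicyRemoteIPAddress, IpsecPolicySrcPort,
IPSecPolicyDStPort,IPSecPolicyProtocol, IPSecPolicyLifeInSec,
IPSecPolicyProposalEncryption_0, IPSecPolicyProposalAuthentication_0,
IPSecPolicyProposalEncryption_1, IPSecPolicyProposalAuthentication_1,
IPSecPolicyKeyExchangeMethodIndex, IPSecPolicyLocalIPAddressType;
IPSEC_SPD_TABLE 0 = 10.11.2.21, 0, 0, 17, 900, 1,2, 2,2 ,1, 0;
[ \\IPSEC_SPD_TABLE ]
"""

def parse_spd(text):
    """Return {index: {param: value}} by pairing each data line with the Format line."""
    body = " ".join(text.split())  # undo the line wrapping inside the table
    fmt = re.search(r"Format SPD_INDEX\s*=\s*([^;]+);", body)
    names = [n.strip() for n in fmt.group(1).split(",")]
    rows = {}
    for idx, vals in re.findall(r"IPSEC_SPD_TABLE (\d+)\s*=\s*([^;]+);", body):
        values = [v.strip() for v in vals.split(",")]
        if len(values) != len(names):
            raise ValueError(f"row {idx}: {len(values)} values for {len(names)} fields")
        rows[int(idx)] = dict(zip(names, values))
    return rows

def audit_row(row):
    """Decode the proposals of one row; return (proposals, findings)."""
    proposals, findings, slots = [], [], {}
    for name, value in row.items():
        m = re.fullmatch(r"IPSecPolicyProposal(Encryption|Authentication)_(\d)", name, re.I)
        if m:
            slots.setdefault(int(m.group(2)), {})[m.group(1).lower()] = int(value)
    if sorted(slots) != list(range(len(slots))):
        findings.append("proposal list is not contiguous")
    for n in sorted(slots):
        enc = ENCRYPTION.get(slots[n].get("encryption"), "Not Defined")
        auth = AUTHENTICATION.get(slots[n].get("authentication"), "Not Defined")
        proposals.append((n, enc, auth))
        findings += [f"proposal {n}: {a}" for a in (enc, auth) if a in WEAK]
    return proposals, findings
```

For the Figure 13-4 row, the decoded proposals are DES-CBC with HMAC-SHA-1-96, then Triple DES-CBC with HMAC-SHA-1-96, and the single finding is the DES-CBC first proposal.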