User's manual

H.323 User's Manual 13. Security
Version 5.0 329 December 2006
13.1.3.3 IPSec and IKE Configuration Table’s Confidentiality
Since the pre-shared key parameter of the IKE table must remain undisclosed, the ini file,
the Embedded Web Server and the SNMP agent each take measures to maintain this
parameter’s confidentiality. On the Embedded Web Server, a list of asterisks is displayed
instead of the pre-shared key. On SNMP, the pre-shared key parameter is a write-only
parameter and cannot be read. In the ini file, the following measures are taken to assure
the secrecy of the IPSec and IKE tables:
• Hidden IPSec and IKE tables: When uploading the ini file from the gateway, the
  IPSec and IKE tables are not available. Instead, the notifications (shown in Figure
  13-6) are displayed.
Figure 13-6: Example of an ini File Notification of Missing Tables
;
; *** TABLE IPSEC_IKEDB_TABLE ***
; This table contains hidden elements and will not be exposed.
; This table exists on board and will be saved during restarts
;
;
; *** TABLE IPSEC_SPD_TABLE ***
; This table contains hidden elements and will not be exposed.
; This table exists on board and will be saved during restarts
;
• Preserving the values of the parameters in the IPSec and IKE tables from one ini
  file loading to the next: The values configured for the parameters in the IPSec tables
  in the ini file are preserved from one loading to the next. If a newly loaded ini file
  doesn’t define IPSec tables, the previously loaded tables remain valid. To invalidate a
  previously loaded ini file's IPSec tables, load a new ini file with an empty IPSec table
  (shown in Figure 13-7).
Figure 13-7: Empty IPSec / IKE Tables
[IPSec_IKEDB_Table]
[\IPSec_IKEDB_Table]
[IPSEC_SPD_TABLE]
[\IPSEC_SPD_TABLE]
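
The cases described above (tables hidden in an uploaded file, tables absent, tables empty) can be told apart before an ini file is loaded or archived. The following Python code is an added example, not part of the manual or of the vendor's tooling; the function name, the state labels and the placeholder row are assumptions, and only the section tags and notification text come from Figures 13-6 and 13-7.

```python
import re

# Table names as they appear in Figures 13-6 and 13-7 (compared case-insensitively).
TABLES = ("IPSEC_IKEDB_TABLE", "IPSEC_SPD_TABLE")
OPEN = re.compile(r"^\[\s*(\w+)\s*\]$")            # [IPSec_IKEDB_Table]
CLOSE = re.compile(r"^\[\s*\\(\w+)\s*\]$")         # [\IPSec_IKEDB_Table]
NOTICE = re.compile(r"^;\s*\*\*\*\s*TABLE\s+(\w+)\s*\*\*\*")

def classify_ipsec_tables(ini_text):
    """Map each table to 'absent' (previous table stays valid), 'hidden'
    (upload notification only), 'empty' (invalidates the previous table)
    or 'defined' (section carries rows, so the file holds IPSec/IKE data)."""
    state = {t: "absent" for t in TABLES}
    current = None
    for raw in ini_text.splitlines():
        line = raw.strip()
        notice, closing, opening = NOTICE.match(line), CLOSE.match(line), OPEN.match(line)
        if notice:
            name = notice.group(1).upper()
            if state.get(name) == "absent":
                state[name] = "hidden"
        elif closing:
            current = None
        elif opening:
            name = opening.group(1).upper()
            current = name if name in state else None
            if current:
                state[current] = "empty"
        elif current and line and not line.startswith(";"):
            state[current] = "defined"
    return state

# Constructed samples: the first two mirror Figures 13-6 and 13-7; the row in
# the third is a placeholder, not a real parameter line.
UPLOADED = """;
; *** TABLE IPSEC_IKEDB_TABLE ***
; This table contains hidden elements and will not be exposed.
;
; *** TABLE IPSEC_SPD_TABLE ***
; This table contains hidden elements and will not be exposed.
;"""
CLEARING = r"""[IPSec_IKEDB_Table]
[\IPSec_IKEDB_Table]
[IPSEC_SPD_TABLE]
[\IPSEC_SPD_TABLE]"""
WITH_ROWS = r"""[IPSec_IKEDB_Table]
constructed_row = placeholder
[\IPSec_IKEDB_Table]"""

if __name__ == "__main__":
    for label, text in (("uploaded", UPLOADED), ("clearing", CLEARING), ("rows", WITH_ROWS)):
        print(label, classify_ipsec_tables(text))
```

A file that reports 'defined' carries IPSec/IKE settings, which may include the pre-shared key, in readable form and should be stored and transferred accordingly.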