User Guide
Chapter 2. Initialization Tasks
3. Click New. A Connection Manager Tunnel Table (Add) window appears (Figure 16),
displaying the following fields:
o Name: Name of the tunnel profile.
o Identity Type: Type of identifier used to designate the local tunnel endpoint (residing on the OmniAccess 3500 NLG gateway) in the security association negotiations. Options (choose one): <EMAIL> (email address, as in <user@domain.ext>), <FQDN> (Fully Qualified Domain Name, as in <hostname.localdomain.ext>), <DN> (Distinguished Name, used for identification of an entry in an LDAP directory, as in <dn: cn=John Doe,dc=example,dc=com>, where <cn=John Doe> is the Relative Distinguished Name of the entry and <dc=example,dc=com> is the Distinguished Name of the parent entry).
o Identity: Identity value for the local tunnel endpoint, specified in the format required by the <Identity Type> value.
o Algorithms to be used for IPsec Negotiations: Encryption and hashing algorithms to be used in the IPsec tunnel. Options (choose one): <3DES-SHA1>, <AES128-SHA1>, <AES192-SHA1>, <AES256-SHA1> (3DES, AES128, AES192, and AES256 are the encryption algorithms available for selection; the hashing algorithm is SHA-1 in all cases).
o Algorithms to be used for IKE Negotiations: Encryption and hashing algorithms to be used for protection of the IKEv2 exchanges. Options (choose one): <3DES-SHA1>, <AES128-SHA1>, <AES192-SHA1>, <AES256-SHA1> (3DES, AES128, AES192, and AES256 are the encryption algorithms available for selection; the hashing algorithm is SHA-1 in all cases).
o Lifetime of the IKE SA in seconds: Maximum duration of the IKEv2 Security Association that controls the IPsec tunnel between the OmniAccess 3500 NLG card and the OmniAccess 3500 NLG gateway.
o Lifetime of the IPsec SA in seconds: Maximum duration of the IPsec Security Association that carries encrypted packets from one end of the secure remote access connection to the other (i.e., maximum lifetime of a remote-access tunnel).
4. Click Save.
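As an added example (not part of the guide and not the gateway's own validation code), a small Python checker that validates a tunnel profile against the field constraints listed in step 3 before the values are typed into the form. The TunnelProfile class, the regular expressions for each Identity Type and the split into RDN and parent DN are assumptions made here; the gateway's actual parser is not documented on this page.

```python
import re
from dataclasses import dataclass

# Cipher suites offered by the tunnel profile form (encryption-hash; SHA-1 in all cases).
ALLOWED_SUITES = {"3DES-SHA1", "AES128-SHA1", "AES192-SHA1", "AES256-SHA1"}
# Shape checks for each Identity Type; assumed here, not the gateway's own parser.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
FQDN_LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")
RDN_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=\S.*$")

@dataclass
class TunnelProfile:
    name: str
    identity_type: str      # "EMAIL", "FQDN" or "DN"
    identity: str           # value in the format required by identity_type
    ipsec_suite: str        # Algorithms to be used for IPsec Negotiations
    ike_suite: str          # Algorithms to be used for IKE Negotiations
    ike_sa_lifetime: int    # Lifetime of the IKE SA in seconds
    ipsec_sa_lifetime: int  # Lifetime of the IPsec SA in seconds

def split_dn(dn: str):
    # 'dn: cn=John Doe,dc=example,dc=com' -> ('cn=John Doe', 'dc=example,dc=com').
    # Commas are assumed unescaped (RFC 4514 escaping is not handled here).
    dn = dn[4:] if dn.lower().startswith("dn: ") else dn
    rdn, _, parent = dn.partition(",")
    return rdn.strip(), parent.strip()

def validate_profile(p: TunnelProfile):
    """Return the list of problems found; an empty list means the profile is consistent."""
    errors = []
    if p.identity_type == "EMAIL":
        if not EMAIL_RE.match(p.identity):
            errors.append("EMAIL identity must look like user@domain.ext")
    elif p.identity_type == "FQDN":
        labels = p.identity.split(".")
        if len(labels) < 2 or not all(FQDN_LABEL_RE.match(l) for l in labels):
            errors.append("FQDN identity must look like hostname.localdomain.ext")
    elif p.identity_type == "DN":
        rdn, parent = split_dn(p.identity)
        rdns = [rdn] + [r.strip() for r in parent.split(",") if parent]
        if not all(RDN_RE.match(r) for r in rdns):
            errors.append("DN identity must be comma-separated attr=value pairs")
    else:
        errors.append(f"Unknown identity type {p.identity_type!r}")
    for label, suite in (("IPsec", p.ipsec_suite), ("IKE", p.ike_suite)):
        if suite not in ALLOWED_SUITES:
            errors.append(f"{label} suite {suite!r} is not offered by the form")
    for label, secs in (("IKE SA", p.ike_sa_lifetime), ("IPsec SA", p.ipsec_sa_lifetime)):
        if not isinstance(secs, int) or secs <= 0:
            errors.append(f"{label} lifetime must be a positive number of seconds")
    return errors
```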
Note: When the OmniAccess 3500 NLG gateway is first installed, the Rules Table contains a default set of pre-defined rules. Within the set, the rules with precedence 78, 79, and 150 must be replicated for every new tunnel profile that is added to the Tunnel Table. When the first Tunnel Table entry is created, delete the current version of each rule and replace it with a new version that includes a reference to the Tunnel Table entry in the To Tunnel or From Tunnel field. For subsequent replications of the rules, simply create new rules with the same structure as the existing ones, but with a reference to the appropriate Tunnel Table entry.
21