User's Manual

SIP User's Manual 316 Document #: LTRT-83303
Mediant 1000 & Mediant 600
ini File Parameter Description
IPSecPolicyLifeInSec, IPSecPolicyLifeInKB,
IPSecPolicyProposalEncryption_X,
IPSecPolicyProposalAuthentication_X,
IPSecPolicyKeyExchangeMethodIndex,
IPSecPolicyLocalIPAddressType,
IPSecPolicyRemoteTunnelIPAddress, IPsecPolicyRemoteSubnetMask;
[\IPSEC_SPD_TABLE]
Where,
Mode = IPSec mode of operation: [0] Transport, [1] Tunneling.
PolicyRemoteIPAddress = Destination IP address (or FQDN) to which the IPSec mechanism is applied.
PolicySrcPort = Source port to which the IPSec mechanism is applied.
PolicyDStPort = Destination port to which the IPSec mechanism is applied.
PolicyProtocol = Protocol type to which the IPSec mechanism is applied: [0] Any protocol (default), [17] UDP, [6] TCP, or any other protocol type defined by IANA (Internet Assigned Numbers Authority).
PolicyLifeInSec = Time (in seconds) that the SA negotiated in the second IKE session (quick mode) is valid. After the time expires, the SA is re-negotiated.
PolicyLifeInKB = Lifetime (in kilobytes) that the SA negotiated in the second IKE session (quick mode) is valid. After this size is reached, the SA is re-negotiated.
PolicyProposalEncryption_X = Encryption type used in the quick mode negotiation for up to four proposals (X depicts the proposal number 0 to 3): [0] No encryption, [1] DES-CBC, [2] Triple DES-CBC, [3] AES-CBC.
PolicyProposalAuthentication_X = Authentication protocol used in the quick mode negotiation for up to four proposals (X depicts the proposal number 0 to 3): [2] HMAC-SHA-1-96, [4] HMAC-MD5-96.
PolicyKeyExchangeMethodIndex = Index for the corresponding IKE entry.
PolicyLocalIPAddressType = Local interface to which the encryption is applied (applicable to multiple IPs and VLANs): [0] OAMP, [1] Control.
PolicyRemoteTunnelIPAddress = IP address of the remote IPSec tunneling device.
PolicyRemoteSubnetMask = Subnet mask of the remote IPSec tunneling device.
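The following Python is an added example, not part of the manual or the device software: it parses an IPSEC_SPD_TABLE section by its Format line, decodes the proposal values using the value lists above, and reports proposals that use no encryption, DES-CBC or HMAC-MD5-96. The embedded sample is the manual's own example table; the function names and the choice of which values to flag are assumptions of this example.

```python
import re

# Value meanings copied from the parameter descriptions above.
MEANING = {"Encryption": {0: "No encryption", 1: "DES-CBC", 2: "Triple DES-CBC", 3: "AES-CBC"},
           "Authentication": {2: "HMAC-SHA-1-96", 4: "HMAC-MD5-96"}}
# Assumption of this example (not stated in the manual): values to flag as weak.
WEAK = {"Encryption": {0, 1}, "Authentication": {4}}

# The manual's example table, embedded so the code runs offline.
SAMPLE = r"""[IPSEC_SPD_TABLE]
Format SPD_INDEX = IPSecMode, IPSecPolicyRemoteIPAddress,
IpsecPolicySrcPort, IPSecPolicyDStPort,IPSecPolicyProtocol,
IPSecPolicyLifeInSec, IPSecPolicyProposalEncryption_0,
IPSecPolicyProposalAuthentication_0, IPSecPolicyProposalEncryption_1,
IPSecPolicyProposalAuthentication_1,
IPSecPolicyKeyExchangeMethodIndex, IPSecPolicyLocalIPAddressType;
IPSEC_SPD_TABLE 0 = 0, 10.11.2.21, 0, 0, 17, 900, 1,2, 2,2 ,1, 0;
[\IPSEC_SPD_TABLE]"""

def parse_spd_table(text):
    """Return {row_index: {field_name: value}} for one IPSEC_SPD_TABLE section."""
    fmt = re.search(r"Format\s+SPD_INDEX\s*=\s*([^;]+);", text)
    if not fmt:
        raise ValueError("no Format line found")
    names = [n.strip() for n in fmt.group(1).split(",")]
    rows = {}
    for idx, body in re.findall(r"IPSEC_SPD_TABLE\s+(\d+)\s*=\s*([^;]+);", text):
        values = [v.strip() for v in body.split(",")]
        if len(values) != len(names):  # a dropped comma shifts every later field
            raise ValueError(f"row {idx}: {len(values)} values for {len(names)} fields")
        rows[int(idx)] = dict(zip(names, values))
    return rows

def audit_row(row):
    """List the proposals in one row whose value is unknown or flagged in WEAK."""
    findings = []
    for name, value in row.items():
        m = re.fullmatch(r"IPSecPolicyProposal(Encryption|Authentication)_(\d)", name)
        if not m:
            continue
        kind, proposal, code = m.group(1), m.group(2), int(value)
        if code not in MEANING[kind]:
            findings.append(f"proposal {proposal}: unknown {kind} value {code}")
        elif code in WEAK[kind]:
            findings.append(f"proposal {proposal}: {MEANING[kind][code]}")
    return findings

if __name__ == "__main__":
    print(audit_row(parse_spd_table(SAMPLE)[0]))
```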
For example:
[IPSEC_SPD_TABLE]
Format SPD_INDEX = IPSecMode, IPSecPolicyRemoteIPAddress,
IpsecPolicySrcPort, IPSecPolicyDStPort,IPSecPolicyProtocol,
IPSecPolicyLifeInSec, IPSecPolicyProposalEncryption_0,
IPSecPolicyProposalAuthentication_0, IPSecPolicyProposalEncryption_1,
IPSecPolicyProposalAuthentication_1,
IPSecPolicyKeyExchangeMethodIndex, IPSecPolicyLocalIPAddressType;
IPSEC_SPD_TABLE 0 = 0, 10.11.2.21, 0, 0, 17, 900, 1,2, 2,2 ,1, 0;
[\IPSEC_SPD_TABLE]
In the example above, all packets destined for IP address 10.11.2.21 that
originate from the OAMP interface (regardless of their destination and
source ports) and whose protocol is UDP are encrypted. The IPSec SPD
also defines an SA lifetime of 900 seconds and two security proposals