
664 Chapter 68 Virtual Private Networks (VPN)
N0060606
IPSec Branch Office Tunnel configuration
The branch office feature allows you to configure an IPsec tunnel connection between two private
networks. Typically, one private network is behind a locally configured switch while the other is
behind a remote switch. A branch office configuration allows you to configure the accessible
subnetworks behind each switch. The configuration also contains the information that is necessary
to set up the connection, such as the switch IP addresses, encryption types and authentication
methods.
Refer to the following procedures:
• “To add a branch office IPSec tunnel” on page 665
• “To modify a Branch Office IPSec Tunnel” on page 670
• “To delete a branch office IPSec tunnel” on page 672
Branch Office IPSec Tunnel
A Branch Office IPSec Tunnel connects two offices together. The IPSec Tunnel connects the local
Business Communications Manager system to another Business Communications Manager
system, an Extranet Switch or a Nortel Services Edge Router (formerly known as Shasta 5000)
switch.
Table 25 IPSec Global settings (Sheet 2 of 2)

Supported Encryption Methods

Attribute: Encryption
Value:
• ESP-AES128-SHA1
• ESP-3DES-SHA1
• ESP-3DES-MD5
• ESP-DES56-SHA1
• ESP-DES56-MD5
• AH Authentication only (SHA1)
• AH Authentication only (MD5)
Description: Select the encryption levels that you allow your IPSec tunnels to use.
The encryption level used for the IPSec tunnel is negotiated when the tunnel is opened. The encryption levels you select are the encryption levels that you allow BCM to use for IPSec tunnels.
This is a global setting that applies to all of the IPSec tunnels on BCM. When you add an IPSec tunnel, you can further restrict the encryption levels for each tunnel. For more information, refer to “Branch Office IPSec Tunnel” on page 664.
For a description of the encryption levels, refer to “Encryption” on page 652.

Supported Diffie-Hellman Groups

Attribute: Protocol
Value:
• Diffie-Hellman Group 5 (1536-bit)
• Diffie-Hellman Group 2 (1024-bit)
• Diffie-Hellman Group 1 (768-bit)
Default is Group 2
Description: Diffie-Hellman is a public-key cryptographic protocol that allows two parties to establish a shared secret over an insecure communications channel. It is also used within IKE (Internet Key Exchange) to establish session keys. IPSec uses the Diffie-Hellman algorithm to provide the keying material for all other encryption keys.
Higher (larger bit keying material) Diffie-Hellman groups provide more security but require more processor time.

Attribute: Banner text for remote user tunnels
Value: <alphanumeric>
Description: Banner Text is the text that appears when a remote user logs into the BCM using the IPSec VPN Client. You can use this text to display important information (such as security information) to the remote user. You can enter a maximum of 1000 ASCII characters.
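The following Python sketch is an added example, not code from this guide or from BCM. It models how the global list and a per-tunnel restriction combine, and reports every weak level a tunnel could still negotiate. The function names, the sample data, the weakness notes, the 1536-bit policy threshold and the "first local preference the peer also allows" negotiation model are all assumptions.

```python
# Added example, not Nortel code. Level names are copied from Table 25; the
# weakness notes and the negotiation model are assumptions stated in comments.
WEAKNESSES = {  # listed in the table's order
    "ESP-AES128-SHA1": [],
    "ESP-3DES-SHA1": [],
    "ESP-3DES-MD5": ["MD5 integrity"],
    "ESP-DES56-SHA1": ["56-bit DES key"],
    "ESP-DES56-MD5": ["56-bit DES key", "MD5 integrity"],
    "AH Authentication only (SHA1)": ["no encryption"],
    "AH Authentication only (MD5)": ["no encryption", "MD5 integrity"],
}
DH_BITS = {5: 1536, 2: 1024, 1: 768}  # group -> modulus size, from the table


def effective_levels(global_allowed, tunnel_allowed):
    """Per-tunnel selection can only narrow the global list, never widen it."""
    return [lvl for lvl in global_allowed if lvl in tunnel_allowed]


def negotiate(local_levels, peer_levels):
    """Assumed model: first local preference that the peer also allows."""
    return next((lvl for lvl in local_levels if lvl in peer_levels), None)


def audit_tunnel(global_allowed, tunnel_allowed, dh_group, min_dh_bits=1536):
    """List every weak level the tunnel could end up using (policy is ours)."""
    findings = [f"{lvl}: {why}"
                for lvl in effective_levels(global_allowed, tunnel_allowed)
                for why in WEAKNESSES[lvl]]
    if DH_BITS[dh_group] < min_dh_bits:
        findings.append(f"DH group {dh_group}: {DH_BITS[dh_group]}-bit")
    return findings


# Constructed sample data: global list with everything enabled, one tunnel
# that kept a weak fallback, and a peer that does not offer AES.
GLOBAL = list(WEAKNESSES)
TUNNEL = {"ESP-AES128-SHA1", "ESP-DES56-MD5"}
PEER = ["ESP-3DES-SHA1", "ESP-DES56-MD5"]

if __name__ == "__main__":
    local = effective_levels(GLOBAL, TUNNEL)
    print("negotiated:", negotiate(local, PEER))
    for finding in audit_tunnel(GLOBAL, TUNNEL, dh_group=2):
        print("finding:", finding)
```

Because the level is chosen at negotiation time, any level left enabled for a tunnel can become the one in use; in the sample the tunnel ends up on ESP-DES56-MD5 even though AES is enabled locally.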