In this section:
The Sonus Lawful Intercept (LI) solution supports the following:
admin
user. Under Network Mgmnt, click Cluster / VNF Management. The Cluster/VNF Management window is displayed.
Create cluster. For more information on creating a cluster from the EMS, refer to the "Creating an SBC SWe Cluster" in the EMS documentation.
Click Configurations tab.
Click New Configuration. The New Configuration pane is displayed.
Select the version of the configuration from the Version drop-down menu.
Select an SBC Configurator instance from the Master Configurator drop-down menu.
This node is used to create the configuration. The SBC Configurator nodes are displayed based on the version selected. Only unlocked SBC Configurator nodes are listed.
Enter a name for the configuration in the Configuration Name field. The SBC configuration name can contain letters, numbers, dashes (-), apostrophes ('), underscores (_), colons (:) and spaces.
The cluster ID is set as the default name for the first configuration. Subsequent configurations are named with a combination of cluster name and some unique identifying information. The default name varies based on how the configuration is created. If you modify the name, ensure it is unique.
Click Create. A circular progress bar is displayed against the Master Configurator node. It requires minimum of six minutes to load the master configuration.
When the Master Configurator node is loaded, the Open Editor button is displayed next to the Master Configurator node.
Click Open Editor. The SBC Configuration Manager window is displayed.
Click IKE Protection Profile > New IKE Protection Profile.
The Create New IKE Protection Profile window is displayed.
Type the profile Name, SA Lifetime Time, and DPD Interval. Choose the appropriate option in PFS Required.
Click Save.
Click IKE Protection Profile > New IKE Protection Profile > Algorithms.
In IKE Protection Profile drop-down menu, choose the desired profile to view its respective Algorithm parameters. The Algorithms window is displayed.
Choose the relevant parameters, and click Save.
The object specifies the name of the Internet Key Exchange (IKE) peer database entry that identifies an entry in the IKE Peer Database (IPD). The IPD is a list of remote devices that may become IPsec peers. The IPD establishes the authentication and other phase 1 criteria for the peer-to-peer negotiation to eventually reach an IKE Security Association (SA) between this specific peer and the SBC.
On the navigation pane, choose Address Context > IPsec > Peer. Click New Peer.
The Create New Peer window is displayed.
Parameter | Description |
---|---|
| Specifies the name of the peer you are configuring. |
| Specifies the 32-bit IP address of the Peer. |
| The SPD traffic selector IP PROTOCOL. Valid values for this parameter are:
|
| Specifies the Pre-shared secret with this peer. The
In either case the given value represents a pre-shared secret between the SBC and the IKE peer. This value is used for mutual authentication for phase 1 negotiation to set up an IKE Security association. Sonus recommends using unpredictable (difficult to guess) values. Use a unique value for each IKE peer. This string is never displayed in plain text when using the
show commands. |
| The name of the IKE protection profile to be applied to the Key management protocol exchange with the peer. |
Local Identity | This object specifies the local identity type that SBC asserts to the peer during phase 1 authentication. |
The ipVxAddr
attribute is not used at this time. If it is present, ignore it.
In Address Context drop-down menu, choose the Peer. The Peer List is displayed.
Click the radio button adjacent to Peer name.
The Edit Selected Peer window is displayed.
Modify the relevant parameters, and click Save.
Click the radio button adjacent to the Peer. Click Copy Peer.
The Copy Selected Peer window is displayed.
Type the relevant parameters, and click Save.
The ipVxAddr
attribute is not used at this time. If it is present, ignore it.
Click the radio button adjacent to the Peer. Click Delete.
A delete confirmation message appears. Click Yes.
The object specifies the local identity type that SBC asserts to the peer during phase 1 authentication.
On the navigation pane, choose Address Context > IPsec > Peer > Local Identity. The Local Identity window is displayed.
In Address Context drop-down menu, choose the Local Identity.
IN Peer drop-down menu, choose the Peer.
Click Save.
The ipVxAddr
attribute is not used at this time. If it is present, ignore it.
The object specifies the remote Identity that SBC asserts to the PEER during phase 1 authentication.
On the navigation pane, choose Address Context > IPsec > Peer > Remote Identity. The Remote Identity window is displayed.
In Address Context drop-down menu, choose the Remote Identity.
IN Peer drop-down menu, choose the Peer.
Click Save.
The object is used to configure SPD for the SBC. The SPD establishes the phase 2 criteria for the negotiation between the SBC and the IKE peer. The successful completion of this negotiation results in a Security Association (SA).
On the navigation pane, choose Address Context > IPsec > SPD. The SPD window is displayed.
Type relevant parameters, and click Save.
On the navigation pane, choose Address Context > IPsec > SPD. The SPD window is displayed.
In Address Context drop-down menu, choose the appropriate address context to view the SPD.
Click the radio button adjacent to SPD name.
The Edit Selected SPD window is displayed.
Modify the relevant parameters, and click Save.
Click the radio button adjacent to SPD name. Click Copy SDP.
The Copy Selected SPD window is displayed.
Type the relevant parameters, and click Save.
Click the radio button adjacent to the SPD. Click Delete.
A delete confirmation message appears. Click Yes.