
Prerequisites

Before you can create an IPsec Tunnel Entry you need to meet one of the following conditions:

  • A Sonus Certificate and Trusted CA Certificate must be obtained and imported when Certificate is selected from the Authentication Mode list box in the Authentication Parameters panel. Refer to Working with Certificates for information about configuring certificates.
  • An IPsec license is required to manage IPsec tunnels.

...

Important Information for Previous SIP-TLS Users:
  • When upgrading to version 3.0, existing Sonus Certificates will fail authentication due to key integrity verification errors when used to bring up the IPsec tunnel in the Certificate authentication mode.
  • Before beginning to manage an IPsec tunnel for Certificate authentication, you must generate a new Certificate Signing Request (CSR), re-sign, and re-import a new Sonus Certificate.

To create or modify an existing IPsec Tunnel:

Refer to Managing IPsec Tunnels.

Enabling/Disabling Tunnel entries

...

  1. Click the Create IPsec Tunnel Entry icon on the IPsec Connection Table page.

    Figure: Create IPsec Tunnel Entry

...

Specifies whether or not the Subject Alternative Name (SAN) Identifier is used for peer authentication. This field is only visible when Certificate is selected from the Authentication Mode select list.

Enabled: The SAN Identifier is sent to the remote gateway for an authentication match. The SAN identifier must be configured in the Local SAN Identifier attribute when this option is Enabled.
Disabled: By default, the Sonus Certificate's Subject Distinguished Name (Subject DN) identifier is automatically extracted from the certificate and sent to the remote gateway for an authentication config match.

...


Specifies the SAN identifier to be sent to the remote gateway for a peer authentication config match. This field is only available if Enabled is selected in the Use SAN Identifier select list.

If the Peer Authentication Identifier on the remote gateway is configured to authenticate a SAN identifier from the peer's certificate, it will attempt to match its configured SAN identifier with the expected SAN identifier retrieved from the peer authentication config.

If Use SAN Identifier is enabled, the SAN identifier must be picked from a list of DNS names displayed under the local attributes for the Sonus Certificate.
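The identifier selection and match described above can be modelled as follows. This is an added illustration, not code from the product: the Cert class, the function names and the sample names are hypothetical, and the remote-side check that the identifier is bound to the peer's certificate is an assumption about gateway behaviour.

```python
from dataclasses import dataclass, field

@dataclass
class Cert:
    """Constructed stand-in for a parsed X.509 certificate."""
    subject_dn: str
    san_dns: list = field(default_factory=list)

def local_identity(cert, use_san, local_san=None):
    """Return (kind, value) the local gateway would send as its identifier."""
    if not use_san:
        # Disabled: the Subject DN is taken from the certificate automatically.
        return ("subject_dn", cert.subject_dn)
    if not local_san:
        raise ValueError("Use SAN Identifier is Enabled but Local SAN Identifier is empty")
    names = {n.lower() for n in cert.san_dns}
    if local_san.lower() not in names:
        raise ValueError(f"{local_san!r} is not a DNS name in the certificate: {sorted(names)}")
    return ("san_dns", local_san.lower())

def remote_accepts(expected, presented, peer_cert):
    """Model of the remote check (assumption): the presented identifier must
    equal the configured peer identifier and be bound to the peer's certificate."""
    kind, value = presented
    if kind != expected[0]:
        return False
    if kind == "san_dns":
        bound = value.lower() in {n.lower() for n in peer_cert.san_dns}
        return bound and value.lower() == expected[1].lower()
    return value == peer_cert.subject_dn and value == expected[1]

# Constructed sample data (not from the page)
CERT = Cert("CN=gw1.example.test,O=Example", ["gw1.example.test", "sbc.example.test"])

def demo():
    results = {}
    sent = local_identity(CERT, use_san=True, local_san="SBC.example.test")
    results["san_ok"] = remote_accepts(("san_dns", "sbc.example.test"), sent, CERT)
    # Remote expects a SAN while the local side has Use SAN Identifier Disabled.
    sent_dn = local_identity(CERT, use_san=False)
    results["dn_vs_san"] = remote_accepts(("san_dns", "sbc.example.test"), sent_dn, CERT)
    results["dn_ok"] = remote_accepts(("subject_dn", CERT.subject_dn), sent_dn, CERT)
    try:
        local_identity(CERT, use_san=True, local_san="other.example.test")
        results["bad_san"] = "accepted"
    except ValueError:
        results["bad_san"] = "rejected"
    return results

if __name__ == "__main__":
    print(demo())
```

The two failing cases are the ones to check before bringing a tunnel up: a Local SAN Identifier that is not among the certificate's DNS names, and one side sending the Subject DN while the other expects a SAN.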

...