Chapter 2 Configuring servers
Nortel VPN Router Security — Servers, Authentication, and Certificates

The VPN Router centrally stores remote access profiles and corporate networking details such as the addressing mechanism in an LDAP server; for example, group attributes including hours of access, filters, and authentication servers. The VPN Router queries the LDAP server for access information when a user establishes a tunnel connection. You can service the LDAP query locally by the internal LDAP server or you can redirect it to an external LDAP server, such as the Netscape Directory Server.

LDAP encryption keys

You can use either a user-defined or a default Lightweight Directory Access Protocol (LDAP) encryption key. This key can either be 8 bytes (DES) or 24 bytes (3DES) in length.

By default, the VPN Router uses the Data Encryption Standard (DES), and therefore an 8-byte key for LDAP-stored passwords. To use a 24-byte key, you must first enable Triple DES (3DES) encryption. If you enable 3DES, a 24-byte password is required.

Only passwords stored in the LDAP file are affected by this new feature. Any passwords stored in the configuration file remain unchanged.

The first time that you enable 3DES and configure a 24-byte encryption key, the VPN Router updates the LDAP. This can take some time, depending on the size of the user base.

Configuration information

Internal and external LDAP keys are stored in flash memory. A hash is calculated from the user-defined key and stored in the LDAP file.

To restore a VPN Router to the default internal key:

• the VPN Router must be set to factory default (this clears the key saved in flash), and

Note: Novell Directory Services and Novell eDirectory are not supported.
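
The "LDAP encryption keys" section allows a user-defined 8-byte (DES) or 24-byte (3DES) key. The following is an added example, not part of the Nortel documentation or the router's software: a pre-configuration check that flags 24-byte keys which give no more protection than an 8-byte key. It assumes (the guide does not say) that the key bytes are used directly as DES / 3DES (EDE) key material; `audit_ldap_key` and the sample keys are hypothetical.

```python
# Added example: audit a candidate LDAP encryption key before configuring it.
# Assumption (not stated in the guide): the key bytes are used directly as
# DES / 3DES (EDE) key material.

# The four DES weak keys, with the parity bit of every byte cleared.
DES_WEAK = {
    bytes.fromhex("0000000000000000"),
    bytes.fromhex("fefefefefefefefe"),
    bytes.fromhex("e0e0e0e0f0f0f0f0"),
    bytes.fromhex("1e1e1e1e0e0e0e0e"),
}

def strip_parity(block: bytes) -> bytes:
    """DES ignores the low bit of every key byte; clear it before comparing."""
    return bytes(b & 0xFE for b in block)

def audit_ldap_key(key: bytes) -> dict:
    """Classify a key by length and flag choices that weaken it."""
    if len(key) not in (8, 24):
        raise ValueError("key must be 8 bytes (DES) or 24 bytes (3DES)")
    parts = [strip_parity(key[i:i + 8]) for i in range(0, len(key), 8)]
    findings = []
    for n, part in enumerate(parts, 1):
        if part in DES_WEAK:
            findings.append(f"K{n} is a DES weak key")
    if len(parts) == 1:
        return {"cipher": "DES", "distinct_subkeys": 1, "findings": findings}
    k1, k2, k3 = parts
    if k1 == k2 or k2 == k3:
        # E_K3(D_K2(E_K1(x))) cancels down to a single DES operation.
        distinct = 1
        findings.append("3DES key collapses to single DES")
    elif k1 == k3:
        distinct = 2
        findings.append("two-key 3DES (K1 equals K3)")
    else:
        distinct = 3
    return {"cipher": "3DES", "distinct_subkeys": distinct, "findings": findings}

if __name__ == "__main__":
    # Constructed sample keys, not values from any real device.
    samples = {
        "repeated 8-byte block": b"ABCDEFGH" * 3,
        "parity-only difference": b"ABCDEFGH" + b"@CBEDGFI" + b"12345678",
        "three distinct blocks": bytes(range(1, 25)),
    }
    for label, key in samples.items():
        print(label, audit_ldap_key(key))
```

The second sample shows why the comparison strips parity bits first: two 8-byte blocks that look different as text can still be the same DES key.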