Contents 7Configuring the pre-shared key for IKE 122Enabling or disabling PFS 123Configuring IKE proposal 123Configuring OCSP for the IKE policy 128Configuring IPsec for site-to-site VPN 129Creating an IPsec policy 129Configuring anti-replay 129Enabling or disabling the IPsec policy entry 130Specifying the IP stream on which to apply IPsec 130Configuring DH prime modulus group for PFS 131Configuring IPsec proposal 132Configuring remote access IKE policies 137Creating an IKE policy for remote access VPN 137Configuring an IKE proposal for remote access VPN 146Configuring remote access IPsec policies 151Creating an IPsec policy for remote access VPN 151Specifying the IP stream on which to apply IPsec for remote access VPN 152Configuring DH prime modulus group for PFS 153Configuring IPsec proposal template for remote access VPN 154Enabling the dynamic IPsec policy 158Configuring L2TP server for L2TP remote access 159Creating the L2TP remote access interface 159Configuring IP address for the L2TP access interface 159Configuring IPsec protection for the L2TP access interface 160Configuring client parameters for L2TP remote access 161Configuring user parameters for L2TP remote access 161Shutting down the L2TP access interface 162Configuring dead peer detection keepalive 162Enabling dead peer detection 162Configuring the keepalive retry interval 163Configuring the keepalive transmit-interval 163Configuring PMTU 163Configuring DF bit 163Configuring the MTU threshold value 164Configuring processing of unsecured ICMP messages 164Configuring CA trustpoint 165Configuring the certificate enrollment method 165Configuring parameters for the certificate request 166Configuring certificate password 169Authenticating the CA and importing a CA certificate 169Generating a certificate request for enrollment 170Manually importing a self certificate 171Manually importing an OCSP Responder certificate 171Nortel Secure Router 4134Security — Configuration and ManagementNN47263-600 01.02 Standard10.0 3 August 2007Copyright © 2007, Nortel Networks.