Filter
Top Products
Nokia Network Voyager for IPSO 4.0 Reference Guide 339
you can click on the link with the Certificate name in the IPSec General Configuration
page to install the certificate.
10. If you chose Will do it later to make the certificate request, the link on the main IPSec
General Configuration still points to the certificate request page.
You can repeat steps 5 through 8 to install the certificate.
11. If you finished all the steps, two green buttons appear.
You can click on the button under the Certificate column to view the certificate.
Advanced IPSec
The following options are available through the IPSec Advanced Configuration page; the link is
at the bottom of the IPSec General Configuration Page:
Log Level—IPSO IPSec provides three levels of message logging through the syslog
subsystem:
Error (default value)—only error messages or audit messages are logged.
Info—provides minimum information about the successful connections to the system.
Also includes error messages.
Debug—besides the informational messages, gives full details of the negotiations that
the subsystem performs.
Note
In any of the log level options, confidential information (such as secrets or session keys) are
not shown.
Allowing tunnels without logical interfaces
This option allows for the creation of IPSec tunnels that are not associated with a logical
tunnel interface. You can create tunnels without logical interfaces if you want a greater
number of tunnels and to achieve scalability. The Create a logical interface field appears
only if the Allow tunnels without logical interface field is selected to On in the Advanced
Configuration page.
Note
Enabling this option might slow down forwarding of non-IPSec packets.
LDAP servers
IPSO IPSec implementation supports automatic CRL retrieval following the LDAPv2/3
protocol specification (RFC 2251). To retrieve CRL automatically from the centralized
directory enter the URL of the directory server.
Because of different implementations, the internal configuration of the directory server
might not be compatible with IPSO that has implemented LDAP query formats.