#############################################################
## Avaya 46VPN IP Telephone Settings Script
## File Created on: 05/21/2007
## See the LAN Administrators Guide for
## more details on using this file.


## Use "##" without quotes to comment out a line.
## To activate a setting below, set the parameter
## to the appropriate value for your network and
## remove the "## " from the beginning of the line.

## To include whitespaces in a value, 
## the entire value must be enclosed in double quotes.
## example:
## SET PARAM "value1 value2"

## To set different set types to different values, use
## the "IF" keyword statement.
## See the LAN Administrators Guide for more details.

## Some of the values listed below have default settings which
## are used by the IP Telephones even if they are commented out
## in this file. For a list of those settings and their default
## values, see the LAN Administrators Guide.
##
##

############################################################################## 
## NOTE : It is highly recommended to use the 46vpnsetting_template.txt
## for building the customized 46vpnsetting.txt file for your VPN environment.
##############################################################################

## Variable Name : NVVPNMODE
## Valid Values 
##    0  DISABLE
##    1  BOOT
##    2  SCRIPT
## Default Value
##    2  SCRIPT
## Description
##    This variable dictates when the VPN Client is started. If it's value is
##    1, VPN Client is started immediately after TCP/IP stack is initialized,
##    If it's value is 2, VPN Client is started after downloading and processing
##    script file(s) from file server.
## Example : Setting VPN startup mode to BOOT.
## SET NVVPNMODE 1


## Variable Name : NVVPNCFGPROF
## Valid Values
##    1  Avaya Security Gateway
##    2  Checkpoint
##    3  Cisco Xauth with Preshared Key
##    5  Juniper/Netscreen Xauth with Preshared Key
##    6  Generic Preshared key
##    8  Cisco xauth with certificates
##    9  Juniper Xauth with certificates.
##    11 Nortel contivity
## Default Value
##    NONE
## Description
##    Set this to 1 if Security Gateway Vendor is Avaya.
##    Set this to 3 if Security Gateway Vendor is Cisco and Xauth is used for 
##       authenticating phone user.
##    Set this to 5 if Security Gateway Vendor is Juniper, Xauth is used for 
##       authenticating phone user.
##    Set this to 6 if Security Gateway Vendor does not support Xauth.
##    Following Variables are set to specified value when NVVPNCFGPROF = 1
##       NVIKECONFIGMODE        2 
##    Following Variables are set to specified value when NVVPNCFGPROF = 3
##       NVIKECONFIGMODE   1
##       NVIKEIDTYPE       11
##       NVIKEXCHGMODE     1
##    Following Variables are set to specified value when NVVPNCFGPROF = 5
##       NVIKECONFIGMODE   1
##       NVIKEIDTYPE       3
##       NVIKEXCHGMODE     1
##    Following Variables are set to specified value when NVVPNCFGPROF = 6
##       NVIKECONFIGMODE   2
##       NVIKEIDTYPE       3
##       NVIKEXCHGMODE     1
##    Following variables are set to specified value when NVVPNCFGPROF = 2
##       NVIKECONFIGMODE  1
##       NVIKEIDTYPE      11
##       NVIKEOVERTCP     1
##       NVIKEXCGMODE	  2
##    Following variables are set to specified value when NVVPNCFGPROF = 11
##       NVIKECONFIGMODE  1
##       NVIKEIDTYPE      11
##       NVIKEXCGMODE	  1
##    Following variables are set to specified value when NVVPNCFGPROF = 8
##       NVIKECONFIGMODE  1
##       NVIKEIDTYPE      11
##       NVIKEXCGMODE	  1
##    Following variables are set to specified value when NVVPNCFGPROF = 9
##       NVIKECONFIGMODE  1
##       NVIKEIDTYPE      3
##       NVIKEXCGMODE	  1
## NOTE : SET commands for all the dependent variables mentioned above must 
##       appear after SET command for NVVPNCFGPROF.
## Example : Setting VPN Configuration profile to "Avaya Security Gateway"
## SET NVVPNCFGPROF    1


## Variable Name : NVVPNAUTHTYPE
## Valid Values
##    1    CHAP
##    2    PAP
## Default Value
##    2
## Description
##    This variable is valid only if NVVPNCFGPROF is 1. If firmware version of
##    Avaya Security Gateway Version is 4 or above, the default value need not 
##    be changed.
## Example : Setting authentication method to CHAP
## SET NVVPNAUTHTYPE 1


## Variable Name : NVSGIP
## Valid Values
##    String. Length of the string cannot exceed 30 characters.
## Description
##   This variable contains the ip address or fully qualified domain name of 
##   the primary security gateway.
## Example : Setting primarysg.mycompany.com as the primary security gateway's 
##          FQDN.
## SET NVSGIP primarysg.mycompany.com
##
## Example : Setting 10.1.1.1 as the primary security gateway's IP address.
## SET NVSGIP 10.1.1.1


## Variable Name : NVBACKUPSGIP
## Valid Values
##    Comma seperated multiple strings. Length of individual string must not
##    exceed 30 characters and total number of strings cannot exceed 4.
## Description
##    This variable contains the ip address or fully qualified domain name of
##    the backup security gateways. VPN Client tries to connect to the security
##    gateways in this list if it could not connect with the primary security 
##    gateway.
## Example : Setting bk1sg.mycompany.com,bk2.mycompany.com and 10.1.1.2 as the
##    backup security gateways.
## SET NVBACKUPSGIP bk1sg.mycompany.com,bk2.mycompany.com,10.1.1.2



## Variable Name : NVVPNUSER
## Valid Values
##    String, Length of the string cannot exceed 30 characters.
## Description
##    This variable contains the VPN User Name. In most cases this value will 
##    be unique to each phone hence should not be specified here. However it
##    is possible to force the VPN client in the phone to use phone's mac 
##    address or serial number as user name thus eliminating the need to enter
##    user name by the phone user via phone keypad. In such cases you need to
##    add each phone's serial number or mac address in your authentication
##    database.
## Example : Setting phone's mac address as VPN user name.
## SET NVVPNUSER %MACADDR%
## Example : Setting phone's serial number as VPN user name.
## SET NVVPNUSER %SERIALNUM%


## Variable Name : NVVPNPSWDTYPE
## Valid Values
##    1  Save in Flash.
##    2  Erase on power-off.
##    3  Numeric One Time Password.
##    4  Alpha-Numeric One Time Password.
## Description
##    This variables determines how password should be treated. By default 
##    password type is set to 1. You must set this variable to 3 or 4 if
##    using One Time Password such as SecureID from RSA. 
## Note 
##    Setting password type to 3 will not let the user select "Alpahbets" 
##    while entering password. This might look like an obvious choice when
##    using RSA secure ID tokens. However under some conditions user may 
##    need to respond back by entering 'y' or 'n' in the password field.
##    This could happen if RSA ACE server is configured to generate PIN 
##    instead of letting the user select a PIN.
## Example : Setting password type to 2 (Erase on power-off)
## SET NVVPNPSWDTYPE 2


## Variable Name : NVVPNFILESRVR
## Valid Values
##    String. Length of the string cannot exceed 30 characters.
## Description
##    This variable contains the URL of the file server. A file server URL
##    consist of following components 
##       (1) Download Method (HTTP,HTTPS,TFTP).
##       (2) FQDN or actual IP address of the file server.
##       (3) Service port (80 for HTTP and 411 for HTTPS).
##       (4) Path (NONE).
##    All the components specfied above except for the FQDN/IP Address has a
##    default value. If download method is omitted from the URL, Phone attempts
##    to download the script file using all the methods. 
## Example
## (1) SET NVVPNFILESRVR tftp://srv.domain.com/phone/
## (2) SET NVVPNFILESRVR tftp://10.1.1.1/phone/
## (3) SET NVVPNFILESRVR http://10.1.1.1:8080/phone
## (4) SET NVVPNFILESRVR https://10.1.1.1/phone
## (5) SET NVVPNFILESRVR 10.1.1.1
## The 1st Example above will set the download method to TFTP, 
##    TFTPDIR to phone and TFTP Server FQDN to srv.domain.com
## The 2nd Example above will set the download method to TFTP, 
##    TFTPDIR to phone and TFTP Server IP Address to 10.1.1.1
## The 3rd Example above will set the download method to HTTP, 
##    HTTP Server port to 8080,HTTPDIR to phone and HTTP Server
##    IP Address to 10.1.1.1
## The 4th Example above will set the download method to HTTPS,
##    HTTP Server port to 1443, HTTPDIR to phone and HTTP Server
##    IP Address to 10.1.1.1
## The 5th Example above will set the download method to ALL.
##    In this example phone will first attempt HTTPS if that fails
##    it tries HTTP and finally TFTP.
##
## Note : 4625 models donot support HTTPS or HTTP download mecthod. If phone 
##    population consist of mix of 4620SW and 4625 phones use IF command to
##    conditionally deliver File Server URLs.
##
## Note : Service port is ignored if download method is HTTPS or TFTP.
##
## Example : Delivering TFTP url to 4625 models and HTTP to 4620SW and 4610 
##    models. In this example we assume that TFTP and HTTP service is running
##    on the same machine.
## 
##    IF $MODEL4 SEQ 4625 goto tftpmethod
##    SET NVVPNFILESRVR http://10.1.1.1
##    goto flsrvrend
##    # tftpmethod
##    SET NVVPNFILESRVR tftp://10.1.1.1
##    # flsrvrend


## Variable Name : NVVPNCOPYTOS
## Valid Values
##    1  YES
##    2  NO
## Description 
##    Value of this variable decides whether TOS bits should be copied from
##    inner header to outer header or not. If it's value is 1, TOS bits are
##    copied otherwise not. By default TOS bits are not copied from inner
##    header to outer header. Some Internet Service Provider don't route the
##    IP packets properly if TOS bits are set to anything other than 0.
##
## Example
##    SET NVVPNCOPYTOS 1
## Note
##    It is highly recommended that this value should not be changed if phone
##    is downloading the script over the VPN tunnel in order to avoid 
##    overriding end user setting due to ISP specific issues. For example you
##    can set this value to 1 while provisioning phone with VPN firmware so 
##    that phone can take advantage of QOS service provided by home router but
##    if the phone's ISP (Few percent cases) does not handle properly the 
##    packets with non-zero TOS bits in IP header, phone user will have to
##    revert back this value to 2. Under such circumstances it is desirable
##    the user's choice don't get overriden every time script is downloaded.
##
## Example : Setting NVVPNCOPYTOS to 1 if script is not downloaded over VPN 
##    tunnel.
##
##    IF $VPNACTIVE SEQ 1 goto skipcopytos
##    SET NVVPNCOPYTOS 1
##    # skipcopytos


## Variable Name : NVVPNENCAPS
## Valid Values
##    0  4500-4500
##    1  Disable
##    2  2070-500
##    4  RFC (As per RFC 3947 and 3948)
## Description
##    Type of UDP encapsulation method to use if there is a NAT device between
##    phone and the security gateway. By default UDP Encapsulation 4500-4500
##    is used. 
##    If NVVPNENCAPS is 0, ike negotiation starts with source port of 2070
##       and destination port 500. Negotiation switches to port source port
##       4500 and destination port 4500 if peer supports port floating (Ref 
##       RFC 3947,3948). Finally IPsec traffic is send inside UDP packets 
##       from/to port 4500 if supported by peer or port 2070<->500 if port
##       floating is not supported but UDP encapsulation is supported as 
##       published in the initial draft versions of RFC 3947 and 3948.
##     If NVVPNENCAPS is 1, ike nat traversal is completly disabled.
##     If NVVPNENCAPS is 2, Port floating is disabled during IKE nat traversal.
##     If NVVPNENCAPS is 4, ike negotiation starts with source port of 500 and
##       destination port 500. Negotiation switches to port source port 4500
##       and destination port 4500 if peer supports port floating (Ref RFC 3947
##       and 3948). Finally IPsec traffic is send inside UDP packets from/to 
##       port 4500 if supported by peer or port 500<->500 if port floating is 
##       not supported but UDP encapsulation is supported as published in the
##       initial draft versions of RFC 3947 and 3948.
## Note
##    UDP Encapsulation causes overhead hence it might be desirable to disable
##    udp encapsulation if NAT device supports IPsec pass through and there is
##    only one IPsec client behind the NAT connecting to the same security 
##    gateway. However not all devices support IPsec pass through hence this
##    value must not be pushed if phone is downloading the script over the VPN
##    tunnel.
##
## Example : Setting NVVPNENCAPS to 1 if script is not downloaded over VPN tunnel.
##
##          IF $VPNACTIVE SEQ 1 goto skipencaps
##          SET NVVPNENCAPS 1
##          # skipencaps
##
## The example above will set NVVPNENCAPS to 1 if script is not downloaded over the 
## tunnel.



## Variable Name : NVVPNCONCHECK
## Valid Values
##    1  First time
##    2  Never
##    3  Always
## Description
##    A tunnel connectivity check is performed after tunnel is setup. If 
##    connectivity check fails, tunnel is setup with a different encapsulation
##    method until all the available encapsulation method are attempted or 
##    connectivity check is successful. This variable decides if this check
##    should be performed at the end of tunnel setup process and if it has to 
##    be performed, how it should behave in the event of connectivity check 
##    failure. By default it's value is 1 which means that tunnel connectivity
##    check is performed the very first time only and it's value is changed
##    to 2 after completion of connectivity check (success or failure).
##    If this variable's value is 3 tunnel connectivity check is always 
##    performed after tunnel is setup.
##
## Example : Disabling tunnel connectivity check.
##            SET  NVVPNCONCHECK 2


## Variable Name : VPNMONFRQ
## Valid Values
##    Integer greater than or equal to 5
## Description
##    If a syslog server ip address is specified (LOGSRVR) and VPNMONFRQ
##    contains a valid value, phone sends a syslog message every VPNMONFRQ
##    minutes. This message contains following data points 
##    (1) Duration for which phone has been up in minutes.
##    (2) Number of times phone lost contact with the Security Gateway but 
##        successfully recovered without rebooting.
##    (3) IP Address of the Security Gateway to which the phone is connected.
##    (4) Cumulative IPsec stats (Packets sent, recieved, errors encountered)
##
## Example : Setting VPN monitoring frequency to 20 minutes
##    SET VPNMONFRQ 20


########################################################################
##  Variables listed below from this point onwards are not applicable ## 
##  if NVVPNCFGPROF is 1                                              ##
########################################################################
#######

## Variable Name : NVIKEPSK
## Valid Values
##    String. Length of the string cannot exceed 30 characters.
## Description
##    Preshared Key to use during phase 1 negotiation.
## Note 
##    It is recommened that user enter his/her Preshared Key using phone's 
##    dialpad. However if you don't want to share PSK with the end user 
##    because it's common for multiple users you can use this variable to 
##    push PSK (Group password) to each phone and the end user will never
##    know what the PSK is. But if you are doing this, make sure that the file 
##    server is on an isolated network and is used only for provisioning
##    VPN parameters to the phones.
## Example : Setting abc1234 as Preshared Key
##    SET NVIKEPSK abc1234 




## Variable Name : NVIKEID
## Valid Values 
##     String. Length of the string cannot exceed 30 characters.
## Description
##     Phone uses this string as IKE Identifier during phase 1 negotiation. 
##     Some XAuth documentation refer to this variable as group name because 
##     same    IKE Id is shared among a group of user and indvidual user 
##     authentication is done using XAuth after establishing IKE phase 1 
##     security association.
## Note 
##     If this variable is left uninitialized, phone uses "VPNPHONE" as the IKE 
##     Identifier.
##
## Example : Setting IKE Id as phones@sales.com
##     SET NVIKEID phones@sales.com


## Variable Name
##            NVIKEIDTYPE
## Valid Values
##    1    IP Address
##    2    FQDN
##    3    User-FQDN (E-Mail)
##    9    Directory-Name
##    11    KEY-ID (Opaque)
## Description
##    Phone uses this variable as the IKE Identifier type for the 
##    IKE-ID specified via NVIKEID variable.
## Note
##    This variable default value depends on the value of variable 
##    NVVPNCFGPROF.
##
## Example : Setting IKE ID type to FQDN
##    SET NVIKEIDTYPE   2


## Variable Name : NVIPSECSUBNET
## Valid Values
##     Comma separated list of strings containing subnet and masks. Number of
##     strings cannot exceed 5.
## Description
##     This variable contains IP subnets protected by the security gateway.
##     By default phone assumes that all the network resources are behind 
##     the security gateway hence it negotiates for a security association
##     between it's IP address (or Virtual IP if delevired via IKE Config 
##     mode) and 0.0.0.0 with the security gateway. If your security gateway
##     is configured to allow building security association for only selected
##     subnets, you can specify them here.
##            
## Example : 
##     Configuring 10.1.12.0/24 and 172.16.0.0/16 as the subnets protected by
##     the Security Gateway
##     SET NVIPSECSUBNET 10.1.12.0/24,172.16.0.0/16
##                      OR
##     SET NVIPSECSUBNET 10.1.12.0/255.255.255.0,172.16.0.0/255.255.0.0


## Variable Name : NVIKEDHGRP
## Valid Values
##    1    Diffie-Hellman Group 1
##    2    Diffie-Hellman Group 2
##    5    Diffie-Hellman Group 5
## Description
##    This variable contains the value of DH group to use during phase 1 
##    negotiation. By default phone uses Group 2.
##
## Example : Setting DH Group 1 for phase 1.
##    SET NVIKEDHGRP 1


## Variable Name : NVPFSDHGRP
## Valid Values
##    0    No-PFS
##    1    Diffie-Hellman Group 1
##    2    Diffie-Hellman Group 2
##    5    Diffie-Hellman Group 5
## Description
##    This variable contains the value of DH group to use during phase 2 
##    negotiation for establishing IPsec security associations also known
##    as perfect forward secrecy (PFS).
##    By default PFS is disabled.
##
## Example : Setting DH Group 2 for phase PFS.
##    SET NVPFSDHGRP 


## Variable Name : NVIKEP1ENCALG
## Valid Values
##    0    ANY
##    1    AES-128
##    2    3DES
##    3    DES
##    4    AES-192
##    5    AES-256
## Description
##    Encryption Algorithms to propose for IKE Phase 1 Security Association.
## Note
##    Phone by default proposes all encryption algorithm. Security Gateway
##    picks the algorthm mandated by administrator. Prioirity order of 
##    algorithms proposed by phone is AES-128,3DES,DES,AES-192.AES-256.
##    In very rare circumstances security gateway may not handle multiple
##    proposals. In such cases only you should try overriding the default 
##    behaviour.
##
## Example : Setting Encryption Alg to AES-128
##            SET NVIKEP1ENCALG 1

## Variable Name : NVIKEP2ENCALG
## Valid Values
##     0    ANY
##     1    AES-128
##     2    3DES
##     3    DES
##     4    AES-192
##     5    AES-256
## Description
##     Encryption Algorithm(s) to propose for IKE Phase 2 Security 
##     Association.
## Note
##    Phone by default proposes all encryption algorithm. Security Gateway
##    picks the algorithm mandated by administrator. Priority order of 
##    algorithms proposed by phone is AES-128,3DES,DES,AES-192.AES-256.
##    In very rare circumstances security gateway may not handle multiple
##    proposals. In such cases only you should try overriding the default
##    behaviour.
##
## Example : Setting Encryption Alg to AES-128
##    SET NVIKEP2ENCALG 1

## Variable Name : NVIKEP1AUTHALG
## Valid Values
##    0    ANY
##    1    MD5
##    2    SHA1
## Description
##    Authentication Algorithm(s) to propose for IKE phase 1 Security 
##    Association.
## Note
##    Phone by default proposes all Authentication algorithms. Security 
##    Gateway picks the algorithm mandated by administrator. Prioirity order
##    of algorithims proposed by phone is MD5,SHA1. In very rare circumstances
##    security gateway may not handle multiple proposals. In such cases 
##    only you should try overriding the default behaviour.
##
## Example : Setting Authentication Alg to SHA1
##    SET NVIKEP1AUTHALG 1
 

## Variable Name : NVIKEP2AUTHALG
## Valid Values
##    0    ANY
##    1    MD5
##    2    SHA1
## Description
##    Authentication Algorithim(s) to propose for IKE phase 2 Security 
##    Association
## Note
##    Phone by default proposes all Authentication algorithms. Security 
##    Gateway picks the algorithm mandated by administrator. Priority order
##    of algorithms proposed by phone is MD5,SHA1. In very rare circumstances
##    security gateway may not handle multiple proposals. In such cases
##    only you should try overriding the default behaviour.
##
## Example : Setting Authentication Alg to SHA1
##    SET NVIKEP2AUTHALG 1


## Variable Name : TRUSTCERTS
## Valid Values 
##     Name of a file containing CA certificate
##     in PEM format. Length of the file name
##     cannot be more than 16 characters.
## Description 
##     Use this variable to import CA
##     certificates. The certificate presented 
##     by peer is validated against the list of
##     CAs imported through this command. Maximum
##     number of CAs that can be imported is limited
##     to 5.
## Note
##     In case of Certificate based VPN, such as
##     Certificate Xauth and Hybrid Xauth if issuer 
##     of the certificate presented by security gateway 
##     is not found in the trusted CA list, phone displays
##     the finger print of the certificate sent by 
##     security gateway.
## Example
## 	SET TRUSTCERTS CA1.CRT,CA2.CRT,CA3.CRT

## Variable Name : NORTELAUTH
## Valid Values 
##     1 or "password"
##     2 or "radius"
##     3 or "secureid"
##     4 or "axent"
## Description
##     Use this variable to configure Authentication method for Nortel
##     Contivity.
##
## Example (User is configured locally on Nortel Switch)
##     SET NORTELAUTH 1
##     SET NORTELAUTH "password"
## Example (User is configured externally on a RADIUS sever)
##     SET NORTELAUTH 2
##     SET NORTELAUTH "radius"
## Example (User is configured externally on a RSA Ace server)
##     SET NORTELAUTH 3
##     SET NORTELAUTH "secureid"


## Variable Name : NVXAUTH
## Valid Values 
##     1 or "Enable"
##     2 or "Disable"
## Description
##     Use this variable to disable XAuth based user authentication
##     for profiles which enable XAuth by default.
##
## Example (XAuth based user authentication required)
##     SET NVXAUTH "Enable"
##     SET NVXAUTH 1
## Example (XAuth based user authentication not required)
##     SET NVXAUTH "Disable"
##     SET NVXAUTH 2


## Variable Name : NVIKECERTVERIFYLEVEL
## Valid Values
##     128
##     129
##     130
##     131
## Description
##     Use this variable to enable/disable the Date/Time and Domain Name 
##     verification of the certificate presented by security gateway 
##     during IKE negotiation.
##     
## Example (Disable both Date/Time and Domain Name verification)
##     SET NVIKECERTVERIFYLEVEL	128
## Example (Enable Date/Time verification only)
##     SET NVIKECERTVERIFYLEVEL	129
## Example (Enable Domain Name verification only)
##     SET NVIKECERTVERIFYLEVEL	130
## Example (Enable both Date/Time and Domain Name verification)
##     SET NVIKECERTVERIFYLEVEL	131


## Variable Name : QTEST
## Valid Values
##     1 or "Enable"
##     2 or "Disable"
## Description
##     Use this variable to enable or disable QTEST at startup.
##     By default QTEST is disabled at startup.
## Example (Enabling QTEST at startup)
##     SET QTEST 1
##     SET QTEST "Enable"
## Example (Disabling QTEST at startup)
##     SET QTEST 2
##     SET QTEST "Disable"

## Variable Name : QTESTRESPONDER
## Valid Values
##     IP Address of the host acting as QTESTRESPONDER in dotted
##     decimal format.
##
## Description
##     If this information is supplied, phone performs QTEST using 
##     UDP Echo port 7 with the host indicated by this variable.
## Example (Setting 10.1.1.1 as the QTEST responder)
##     SET QTESTRESPONDER 10.1.1.1


## Variable Name : MYCERTURL
## Valid Values
##     URL for enrolling with a SCEP fronted Certificate Authority.
##
## Description
##     If this information is supplied, phone generates a RSA key pair
##     and sends the enrollment request using SCEP protocol to the 
##     server pointed by this URL. Consult your CA administrator guide
##     for further information regarding SCEP support.
## Example
##     SET MYCERTURL "http://10.1.1.1/mscep/mscep.dll"


## Variable Name : MYCERTCN
## Valid values
##     $MACADDR
##     $SERIALNO
##
## Description
##     If value of this variable is set to $MACADDR, phone uses it's 
##        MAC Address as the CN component of the certificate request
##     If value of this variable is set to $SERIALNO, phone uses it's
##        Serial Number as the CN component of the certificate request.
## Example 
##     SET MYCERTCN $MACADDR


## Variable Name : SCEPPASSWORDREQ
## Valid values
##      0
##      1
##
## Description
##      If value of this variable is set to 1, phone user is prompted to
##        enter challenge pass phrase during SCEP certificate enrollment.
##      If value of this variable is set to 0, phone uses the challenge
##        pass phrase as indicated by SCEPPASSWORD variable.
##
## Note
##      Consult your Certificate Authrority administrator guide for HOWTO
##      configure pass phrase for SCEP certificate enrollment.
##
## Example (Prompt user for entering challenge pass phrase)
##      SET SCEPPASSWORDREQ 1


## Variable Name : SCEPPASSWORD
## Valid values
##      String
##
## Description
##      The string specified here is used by phone as the SCEP challenge pass
##      phrase for SCEP certificate enrollment. If left unspecified and 
##      SCEPPASSWORDREQ is SET to 0, phone uses it's SERIAL number as the challenge
##      pass phrase.
## Note
##      Consult your Certificate Authrority administrator guide for HOWTO
##      configure pass phrase for SCEP certificate enrollment.
##
## Example (Instructing phone to use string "abcd" as the SCEP challenge pass phrase)
##      SET SCEPPASSWORD "abcd"


goto END

# END
GET 46xxsettings.txt

## END OF VPN SETTINGS SCRIPT FILE

