User manual

ManualsBrandsCooper Bussmann ManualsComputer equipment615M-1

42 www.cooperbussmann.com/wirelessresources

Cooper Bussmann 615M-1 Cellular Data Modem and IP Router Series Manual

Rev Version 1.0

IPsec Support

IPsec Selecting “Enable” launches the IPsec process and starts all enabled tunnels.

Selecting “Disable” stops all tunnels and shuts down the IPsec process. Note that

all enabled tunnels are launched automatically when the unit connects to the cellular

carrier.

NAT Mode Determines how packets are addressed. Selecting “Bypass” allows packets coming

from Local Subnet addresses to pass through the Network Address Translation (NAT)

firewall unchanged. This may be sufficient when traffic only travels from Local Subnet

to Remote Subnet. (To make sure that packets generated by 615M-1 services appear

to originate from a Local Subnet address, you may need to enable the “Bind Services

to Eth IP” option on the LAN Settings page.) NAT changes the source address to

match the PPP IP Address shown on the Status tab of the Unit Status page. NAT-

Traversal enables the NAT-T protocol which can support traffic beyond just the Local

& Remote Subnets.

Tunnel Monitor

To supplement or complement Dead Peer Detection, tunnels can be monitored by sending periodic pings, and

restarting the tunnels if the pings repeatedly fail. Tunnel monitoring is controlled by the following five parameters.

IP Address 1 & IP

Address 2

Up to two addresses may be entered. Tunnels are monitored only if their IP address

matches the Remote IP Address or belongs to the Local Subnet or Remote Subnet.

A value of 0.0.0.0 disables monitoring.

Delay How often (in seconds) to send pings over the tunnel.

Fail count threshold The number of successive pings that need to fail to cause the tunnel to be restarted.

Success count

threshold

The number of successive pings that need to succeed for the tunnel to be

considered “up” and for the process of counting failed pings to begin.

Tunnel Configuration

Tunnel Item Tunnel number. Starts from 1 and increments for each new tunnel. To update an

existing tunnel, use its corresponding number from the tunnel table. To add a new

tunnel, use the last tunnel shown in the Tunnel Table + 1.

Label This is a label to identify a tunnel and must correspond to the name specified for the

remote endpoint.

Remote IP Address The IP address of the remote endpoint of the tunnel.

Remote Subnet Select “None” if encrypted packets are only destined for the Remote IP Address.

Use an IP address/mask if encrypted packets are also destined for the specified

network that is beyond the Remote IP Address.

IMPORTANT: The Remote Subnet and Local Subnet addresses must not

overlap.

Local Subnet Select “None” if only packets generated by 615M-1 services are to be sent over

the tunnel. Select “Ethernet” if packets from the local LAN are also to be sent over

the tunnel. (To make sure that packets generated by 615M-1 services appear to

originate from a Local Subnet address, you may need to enable the “Bind Services

to Eth IP” option on the LAN Settings page.) Use an IP address/mask if a network

beyond the local LAN will be sending packets over the tunnel.

IMPORTANT: The Remote Subnet and Local Subnet addresses must not

overlap.

Phase 1 Encryption Use AES-128, AES-256 or 3DES encryption.