User's guide
186
IP Address
Use this IP address for the local LAN subnet. This is usually the IP address of the router’s
Ethernet interface or that of a specific device on the local subnet (such as a PC running a
client or host application).
Mask
Use this IP mask for the local LAN subnet. The mask sets the range of IP addresses that
will be allowed to use the IPsec tunnel.
Use interface x,y
Use the IP address and mask of the specified interface.
Use these settings for the remote LAN
These define the remote LAN subnet settings used on the IPsec tunnel.
IP Address
Use this IP address for the remote LAN subnet. This is usually the IP address of the
peer's Ethernet interface or that of a specific device on the remote subnet (such as a PC
running a client or host application).
Mask
Use this IP mask for the remote LAN subnet. The mask sets the range of IP addresses
that will be allowed to use the IPsec tunnel.
Remote Subnet ID
Normally used with L2TP/IPsec VPNs. When the router is in server mode and negotiating
IPsec from behind a NAT box, this parameter should be configured to the ID sent by the
remote Windows client (this is usually the computer name).
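The local and remote IP Address/Mask pairs above are the tunnel's traffic selectors: together they decide which packets are sent through, and accepted from, the IPsec tunnel. The Python below is an added illustration, not part of this guide or the router firmware. It turns each pair into the address range the guide describes and classifies a packet as outbound, inbound or outside the tunnel. The sample addresses are constructed, and the assumption that a host address such as the router's own interface IP (192.168.1.1 with mask 255.255.255.0) selects the whole 192.168.1.0/24 subnet is marked in the code.

```python
import ipaddress
from typing import Optional

# Constructed sample tunnel settings (not from the guide): the local side is
# the router's Ethernet interface address on its LAN, the remote side is a
# single host (mask 255.255.255.255).
LOCAL_IP, LOCAL_MASK = "192.168.1.1", "255.255.255.0"
REMOTE_IP, REMOTE_MASK = "10.0.5.20", "255.255.255.255"


def selector(ip: str, mask: str) -> ipaddress.IPv4Network:
    """Convert an 'IP Address' + 'Mask' pair into the address range the tunnel
    carries.  strict=False encodes the assumption that a host address (such as
    the router's own interface IP) stands in for the subnet the mask selects."""
    return ipaddress.IPv4Network(f"{ip}/{mask}", strict=False)


def direction(src: str, dst: str,
              local: ipaddress.IPv4Network,
              remote: ipaddress.IPv4Network) -> Optional[str]:
    """Classify a packet against the tunnel's selectors.

    Returns "outbound" for local->remote traffic, "inbound" for remote->local
    traffic, and None when either end falls outside the configured ranges
    (such traffic is neither sent through nor accepted from the tunnel)."""
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    if s in local and d in remote:
        return "outbound"
    if s in remote and d in local:
        return "inbound"
    return None


def describe(net: ipaddress.IPv4Network) -> str:
    """Human-readable summary of a selector, handy when reviewing a tunnel
    definition before bringing it up."""
    if net.prefixlen == 32:
        return f"single host {net.network_address}"
    return (f"{net.network_address}-{net.broadcast_address} "
            f"({net.num_addresses} addresses, mask {net.netmask})")


def tunnel_direction(src: str, dst: str) -> Optional[str]:
    """Convenience wrapper using the sample settings above."""
    return direction(src, dst, selector(LOCAL_IP, LOCAL_MASK),
                     selector(REMOTE_IP, REMOTE_MASK))


if __name__ == "__main__":
    local, remote = selector(LOCAL_IP, LOCAL_MASK), selector(REMOTE_IP, REMOTE_MASK)
    print("local :", describe(local))
    print("remote:", describe(remote))
    for src, dst in [("192.168.1.50", "10.0.5.20"),   # LAN host to remote host
                     ("10.0.5.20", "192.168.1.50"),   # the reply
                     ("192.168.1.50", "10.0.5.21"),   # outside the /32 remote
                     ("192.168.2.50", "10.0.5.20")]:  # outside the local /24
        print(f"{src} -> {dst}: {tunnel_direction(src, dst)}")
```

The last two sample packets show the effect of the mask: a remote mask of 255.255.255.255 admits exactly one host, so 10.0.5.21 is excluded, and a host on a different local subnet is excluded even though the remote address is correct.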
Use the following security on this tunnel
These define the security identities used on the IPsec tunnel.
Preshared Keys
Requires that both IPsec peers share a secret key, or
password, that can be matched and verified by both
peers.
To configure the PSK, create a user entry (via
Configuration – Security > Users) whose name matches
the inbound ID of the remote peer; the PSK itself is
entered in that user's password parameter. The User
configuration serves a dual purpose in that it may contain
entries for normal login access (e.g. HTTP, FTP or Telnet)
as well as entries for IPsec tunnels.
XAUTH Init Preshared Keys
Used when the remote peer is a Cisco device using
XAUTH and PSK authentication.
RSA Signatures
Select this option when the IPsec authentication will use
X.509 certificates.
XAUTH Init RSA
Used when the remote peer is a Cisco device using
XAUTH and X.509 certificates for authentication.
Our ID
When Aggressive mode is On, this parameter is a string of up to 20 characters. It is sent
to the remote peer to identify the initiator (e.g. the router). The variable %s can be used
in this parameter, which causes the router's serial number to be sent; it can be prefixed
with other text if required.
When certificates are being used, this parameter should be configured with the “Altname”
field in a valid certificate held on the router.
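Two of the settings above are easy to get wrong: the user entry that supplies a PSK must be named exactly as the remote peer's inbound ID, and Our ID must fit in 20 characters after %s has been expanded (or match a certificate Altname when RSA signatures are used). The Python below is an added example, not code from this guide or the router; it models those rules as a pre-deployment check of a tunnel definition. The TunnelConfig and UserEntry structures, the auth-mode labels, the exact case-sensitive name match, and the sample users, serial number and Altnames are all assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

OUR_ID_MAX_LEN = 20   # limit the guide gives for "Our ID" in Aggressive mode


@dataclass
class UserEntry:
    """One row of Configuration - Security > Users: name plus password/PSK."""
    name: str
    password: str


@dataclass
class TunnelConfig:
    """Assumed model of the tunnel settings discussed in the guide."""
    auth: str              # "psk", "xauth_psk", "rsa" or "xauth_rsa" (assumed labels)
    aggressive_mode: bool
    our_id: str            # may contain %s
    peer_id: str           # inbound ID the remote peer will present


def expand_our_id(template: str, serial: str) -> str:
    """Substitute %s with the router's serial number, as the guide describes."""
    return template.replace("%s", serial)


def find_psk(users: List[UserEntry], inbound_id: str) -> Optional[str]:
    """Return the PSK for the peer whose inbound ID matches a user name.
    An exact, case-sensitive match is an assumption of this example."""
    for user in users:
        if user.name == inbound_id:
            return user.password
    return None


def validate(cfg: TunnelConfig, users: List[UserEntry], serial: str,
             cert_altnames: List[str]) -> List[str]:
    """Return a list of problems with the tunnel definition (empty if it is
    consistent with the rules stated in the guide)."""
    problems: List[str] = []
    our_id = expand_our_id(cfg.our_id, serial)

    # Our ID: 20-character limit applies in Aggressive mode.
    if cfg.aggressive_mode and len(our_id) > OUR_ID_MAX_LEN:
        problems.append(f"Our ID '{our_id}' is {len(our_id)} characters; "
                        f"the limit is {OUR_ID_MAX_LEN}")

    if cfg.auth in ("psk", "xauth_psk"):
        # PSK: a user entry named after the peer's inbound ID must exist.
        psk = find_psk(users, cfg.peer_id)
        if psk is None:
            problems.append(f"no user entry named '{cfg.peer_id}' to supply the PSK")
        elif not psk:
            problems.append(f"user entry '{cfg.peer_id}' has an empty password/PSK")
    elif cfg.auth in ("rsa", "xauth_rsa"):
        # Certificates: Our ID must match an Altname of a certificate on the router.
        if our_id not in cert_altnames:
            problems.append(f"Our ID '{our_id}' matches no certificate Altname")
    else:
        problems.append(f"unknown authentication mode {cfg.auth!r}")
    return problems


# Constructed sample data (not from the guide).
SERIAL = "123456"
USERS = [UserEntry("admin", "login-password"),      # normal login entry
         UserEntry("branch-office-1", "s3cret-psk")]  # IPsec PSK entry
ALTNAMES = ["router.example.com"]

if __name__ == "__main__":
    for cfg in [TunnelConfig("psk", True, "hq-%s", "branch-office-1"),
                TunnelConfig("psk", True, "hq-%s", "branch-office-2"),
                TunnelConfig("psk", True, "headquarters-site-%s", "branch-office-1"),
                TunnelConfig("rsa", False, "router.example.com", "peer")]:
        print(cfg.auth, cfg.our_id, "->", validate(cfg, USERS, SERIAL, ALTNAMES) or "ok")
```

Running the sample shows the second tunnel failing because no user named branch-office-2 exists, and the third failing because "headquarters-site-123456" is 24 characters after expansion.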