User's guide
Configuration – Network > Virtual Private Networking (VPN) > IPsec >
IPsec Tunnels > IPsec n > Tunnel Negotiation
Enable IKE tracing
Enabling this option makes the router write IKE negotiation information to the analyser trace.
Negotiate a different IP address and Mask
The IPsec tunnel can be configured to negotiate a different local LAN IP address and mask.
The firewall can then be used to translate the source addresses of the packets to a value
that lies within the negotiated range. This allows a packet to match more than one
IPsec tunnel while using a different source address (from the peer’s perspective) depending
on which IPsec tunnel is used.
IP Address
The alternative IP address to negotiate.
Mask
The alternative IP mask to negotiate.
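The source translation described under "Negotiate a different IP address and Mask", as an added example that is not part of the original guide: it maps one LAN host into each tunnel's negotiated range and flags tunnels whose negotiated ranges overlap. The tunnel names, addresses and the host-bit-preserving 1:1 mapping are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

LOCAL_LAN = "192.168.1.0/24"  # constructed local LAN

# Constructed per-tunnel values for the "IP Address" and "Mask" parameters.
TUNNELS = {
    "IPsec 0": ("172.16.1.0", "255.255.255.0"),
    "IPsec 1": ("172.16.2.0", "255.255.255.0"),
}


def negotiated_network(ip, mask):
    """Build the negotiated range from an IP Address / Mask pair."""
    return ipaddress.ip_network(f"{ip}/{mask}")


def translate_source(src, local_lan, negotiated):
    """Map src from local_lan into the negotiated range, keeping host bits.

    Assumption: 1:1 mapping; the guide only requires the result to lie
    within the negotiated range.
    """
    src = ipaddress.ip_address(src)
    lan = ipaddress.ip_network(local_lan)
    if src not in lan:
        raise ValueError(f"{src} is not in local LAN {lan}")
    if negotiated.prefixlen > lan.prefixlen:
        raise ValueError("negotiated range is too small for a 1:1 mapping")
    host_bits = int(src) & int(lan.hostmask)
    return ipaddress.ip_address(int(negotiated.network_address) | host_bits)


def source_per_tunnel(src, tunnels=TUNNELS, local_lan=LOCAL_LAN):
    """Source address the peer sees for src on each tunnel."""
    return {
        name: str(translate_source(src, local_lan, negotiated_network(*cfg)))
        for name, cfg in tunnels.items()
    }


def overlapping_ranges(tunnels=TUNNELS):
    """Tunnel pairs whose negotiated ranges overlap, so the translated
    source address would not identify which tunnel was used."""
    nets = {name: negotiated_network(*cfg) for name, cfg in tunnels.items()}
    return [(a, b) for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])]


if __name__ == "__main__":
    print(source_per_tunnel("192.168.1.25"))
    print(overlapping_ranges())
```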
Negotiate a virtual IP address using MODECFG
Use this option when the remote peer is a Cisco device that uses MODECFG to assign a specific
IP address to this router during SA setup negotiations. This is commonly seen in Remote
Access (RA) type VPNs and EasyVPN solutions.
XAuth ID
Extended Authentication ID for use with Cisco XAUTH.
Related CLI Commands
Entity  Instance  Parameter  Values      Equivalent Web Parameter
eroute  n         debug      on, off     Enable IKE tracing
eroute  n         neglocip   IP Address  Negotiate a different IP address and Mask
eroute  n         neglocmsk  IP Mask     Negotiate a different IP address and Mask
eroute  n         vip        on, off     Negotiate a virtual IP address using MODECFG
eroute  n         xauthid    String      XAuth ID
Configuration – Network > Virtual Private Networking (VPN) > IPsec >
IPsec Tunnels > IPsec n > Advanced
IPsec mode
Selects the IPsec encapsulation type to use on the IPsec tunnel. In Tunnel mode, the entire
IP packet (header and payload) is encrypted. In Transport mode, only the IP payload is
encrypted.
Use algorithm AH authentication on this tunnel
The AH authentication algorithm to use with this IPsec tunnel. The options are:
• No (None)
• MD5
• SHA1
Use algorithm compression on this tunnel