User's guide
IKE negotiation source IP address is taken from the
This defines which IP address IKE uses as the source IP address during the negotiation.
Interface
Use the IP address of the interface over which the IKE packets will be transmitted.
Secondary IP address
Use the IP address configured in the Secondary IP address parameter on the
Configuration – Network > Advanced Network Settings page.
Interface x,y
Use the IP address of the specified interface.
Tunnel this IPsec tunnel inside another IPsec tunnel
It is possible to tunnel packets from an IPsec tunnel within a second (or more) tunnel. When
this parameter is enabled.
NAT-Traversal Keepalive timer s seconds
Sets the interval, in seconds, at which the router sends regular packets to a
NAT device in order to prevent the NAT table entry from expiring.
Allow protocol IP protocol(s) in this tunnel
This restricts the type of IP packets that will be tunnelled through the IPsec tunnel. The
options are:
• All
• TCP
• UDP
• GRE
IP packets with ToS values n must use this tunnel
Packets with matching ToS fields will only be tunnelled through this IPsec tunnel and no
others. The usual traffic selector matching still takes place as normal. Packets that don’t
have matching ToS values will get tunnelled as normal.
The ToS values should be entered as a comma-separated list, e.g. 2,4
Only tunnel IP packets with
This restricts the IP packets that will be tunnelled to those with matching TCP/UDP port
numbers.
source TCP/UDP port n
Allow IP packets with matching source TCP/UDP ports to be tunnelled.
destination TCP/UDP port n
Allow IP packets with matching destination TCP/UDP ports to be tunnelled.
source TCP/UDP port in the range of n1 to n2
Allow IP packets with source TCP/UDP ports in the specified range to be tunnelled. This is
only available when IKEv2 is used.
destination TCP/UDP port in the range of n1 to n2
Allow IP packets with destination TCP/UDP ports in the specified range to be tunnelled.
This is only available when IKEv2 is used.
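
The following Python sketch is an added example, not code from this guide or from the router firmware. It models how the protocol, ToS and port restrictions described above could combine when auditing which tunnel carries a given packet. All class and function names are hypothetical, the address-based traffic selectors are assumed to have matched already, and treating a packet whose ToS pins it to a tunnel that then rejects it as untunnelled is an assumption drawn from the "and no others" wording.

```python
# Added illustration: a simplified model of the per-tunnel filters described
# above. It is not the router's implementation; all names are hypothetical.
from dataclasses import dataclass
from typing import Optional, Tuple

PROTO_NUM = {"TCP": 6, "UDP": 17, "GRE": 47}  # IANA IP protocol numbers

@dataclass
class Packet:                      # constructed test input, not captured traffic
    proto: int                     # IP protocol number
    tos: int = 0
    sport: Optional[int] = None    # None for protocols without ports (e.g. GRE)
    dport: Optional[int] = None

@dataclass
class Tunnel:
    name: str
    allow_proto: str = "All"                  # "All", "TCP", "UDP" or "GRE"
    tos_list: str = ""                        # comma-separated list, e.g. "2,4"
    sport: Optional[Tuple[int, int]] = None   # inclusive range; (n, n) = one port
    dport: Optional[Tuple[int, int]] = None

    def tos_values(self) -> set:
        return {int(v) for v in self.tos_list.split(",") if v.strip()}

    def filters_match(self, p: Packet) -> bool:
        # Protocol restriction ("Allow protocol ... in this tunnel")
        if self.allow_proto != "All" and p.proto != PROTO_NUM[self.allow_proto]:
            return False
        # Port restrictions ("Only tunnel IP packets with ...")
        for rng, port in ((self.sport, p.sport), (self.dport, p.dport)):
            if rng is not None and (port is None or not rng[0] <= port <= rng[1]):
                return False
        return True

def select_tunnel(tunnels, p: Packet) -> Optional[str]:
    """Return the name of the tunnel that carries p, or None if none does."""
    # Assumption: a packet whose ToS is listed on some tunnel may use only
    # those tunnels; every other packet is matched against all tunnels in order.
    pinned = [t for t in tunnels if p.tos in t.tos_values()]
    for t in (pinned or tunnels):
        if t.filters_match(p):
            return t.name
    return None
```

A result of None marks traffic that no tunnel accepts under this model, which is the case to look for when reviewing a set of tunnel restrictions.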