User's guide

Once this initial association exists, the two devices can “talk” securely and exchange
information on what kind of security protocols they would like to use to establish a secure
data link, i.e. what sort of encryption and/or authentication they can use and what
sources/destinations they will accept. When this second stage is complete (and provided
that both systems have agreed what they will do), IPsec will have set up its own Security
Associations, which it uses to test incoming and outgoing data packets for eligibility and
to perform security operations on them before passing them down or relaying them from the
“tunnel”.
IPsec Tunnels > IPsec n
Configuration – Network > Virtual Private Network (VPN) > IPsec > IPsec Tunnels > IPsec n
Once the IKE parameters have been set up, the next stage is to define the characteristics of
the IPsec tunnels, or encrypted routes. This includes items such as what source and
destination addresses will be connected by the tunnel and what type of encryption and
authentication procedures will be applied to the packets being tunnelled. For obvious
reasons it is essential that parameters such as encryption and authentication are the same
at each end of the tunnel. If they are not, then the two systems will not be able to agree on
what set of rules or “policy” to adopt for the IPsec tunnel and communication cannot take
place.
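The following check is an added example, not part of the original guide or the router's software: it compares the settings entered at each end of a tunnel and reports anything that would stop the two systems agreeing on a policy. The dictionary keys, algorithm names and addresses are constructed for illustration, and it assumes that each end's local LAN settings must equal the other end's remote LAN settings.

```python
import ipaddress

def subnet(ip, mask):
    """Network covered by an IP address and mask as entered on the tunnel page."""
    # strict=False accepts a host address such as the router's Ethernet IP.
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False)

def compare_tunnel_ends(a, b):
    """Return the mismatches between the two ends' settings (empty list if none)."""
    problems = []
    # Encryption and authentication must be the same at each end of the tunnel.
    for key in ("encryption", "authentication"):
        if a[key].lower() != b[key].lower():
            problems.append(f"{key}: {a[key]} != {b[key]}")
    # Assumption: the local LAN of one end is the remote LAN of the other.
    for near, far, side in ((a, b, "A"), (b, a, "B")):
        local = subnet(near["local_ip"], near["local_mask"])
        remote = subnet(far["remote_ip"], far["remote_mask"])
        if local != remote:
            problems.append(f"local LAN of {side} is {local}, peer expects {remote}")
    return problems

# Constructed sample settings (hypothetical key names and values).
SITE_A = {
    "encryption": "AES-256", "authentication": "SHA1",
    "local_ip": "192.168.1.1", "local_mask": "255.255.255.0",
    "remote_ip": "10.0.0.0", "remote_mask": "255.255.0.0",
}
SITE_B_OK = {
    "encryption": "aes-256", "authentication": "sha1",
    "local_ip": "10.0.5.1", "local_mask": "255.255.0.0",
    "remote_ip": "192.168.1.0", "remote_mask": "255.255.255.0",
}
# Same as SITE_B_OK but with a different cipher and a wider remote mask.
SITE_B_BAD = dict(SITE_B_OK, encryption="3DES", remote_mask="255.255.0.0")

if __name__ == "__main__":
    for name, peer in (("SITE_B_OK", SITE_B_OK), ("SITE_B_BAD", SITE_B_BAD)):
        issues = compare_tunnel_ends(SITE_A, peer)
        print(name, "->", issues or "settings agree")
```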
Description
This parameter allows you to enter a name for the IPsec tunnel to make it easier to identify.
The IP address or hostname of the remote unit
The IP address or hostname of the remote IPsec peer that a VPN will be initiated to.
Use a.b.c.d as a backup unit
The IP address or hostname of a backup peer. If the router cannot open a connection to the
primary peer, this configuration will be used. Please note that the backup peer device must
have the same IPsec tunnel configuration as the primary peer.
Use these settings for the local LAN
These define the local LAN subnet settings used on the IPsec tunnel.
IP Address
Use this IP address for the local LAN subnet. This is usually the IP address of the router’s
Ethernet interface or that of a specific device on the local subnet (such as a PC running a
client or host application).
Mask
Use this IP mask for the local LAN subnet. The mask sets the range of IP addresses that
will be allowed to use the IPsec tunnel.
Use interface x,y
Use the IP address and mask of the specified interface.
Use these settings for the remote LAN
These define the remote LAN subnet settings used on the IPsec tunnel.
IP Address
Use this IP address for the remote LAN subnet. This is usually the IP address of the
peer’s Ethernet interface or that of a specific device on the local subnet (such as a PC
running a client or host application).
Mask