User's guide
Use this IP mask for the remote LAN subnet. The mask sets the range of IP addresses
that will be allowed to use the IPsec tunnel.
Remote Subnet ID
Normally used with L2TP/IPsec VPNs. When the router is in server mode and negotiating
IPsec from behind a NAT box, this parameter should be configured to the ID sent by the
remote Windows client (this is usually the computer name).
Use the following security on this tunnel
These define the security identities used on the IPsec tunnel.
Preshared Keys
Requires that both IPsec peers share a secret key, or
password, that can be matched by and verified by both
peers.
To configure the PSK, a user entry must be configured that
matches the inbound ID of the remote peer; the PSK itself
is set using that entry's password parameter. This is done
via Configuration – Security > Users. The User
configuration serves a dual purpose in that it may contain
entries for normal login access (e.g. HTTP, FTP or Telnet)
and entries for IPsec tunnels.
XAUTH Init Preshared Keys
Used when the remote peer is a Cisco device using
XAUTH and PSK authentication.
RSA Signatures
Select this option when the IPsec authentication will use
X.509 certificates.
XAUTH Init RSA
Used when the remote peer is a Cisco device using
XAUTH and X.509 certificates for authentication.
Our ID
When Aggressive mode is On, this parameter is a string of up to 20 characters. It is sent
to the remote peer to identify the initiator (e.g. the router). The variable %s can be used
in this parameter; it causes the router’s serial number to be sent. It can be
prefixed with other text if required.
When certificates are being used, this parameter should be configured with the “Altname”
field in a valid certificate held on the router.
Our ID type
This defines how the remote peer is to process the Our ID configuration.
IKE ID
The Our ID parameter is a simple key ID (e.g. vpnclient1).
FQDN
The Our ID parameter is a Fully Qualified Domain Name (e.g.
vpnclient1.anycompany.com).
User FQDN
The Our ID parameter is a Fully Qualified Domain Name with a user
element (e.g. joe.bloggs@anycompany.com).
IPv4 Address
An IPv4 Address in dotted decimal notation.
Remote ID
When Aggressive mode is On, this parameter is a string of up to 20 characters which is
used to identify the remote peer. It should contain the same text as the Our ID
parameter in the remote peer’s configuration.
When Aggressive mode is Off, this parameter must be the IP address of the remote peer.
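The Our ID, Our ID type, Remote ID and Preshared Keys rules above can be checked across both peers before a tunnel is deployed. The following is an added example, not code from the guide or the router vendor; the dictionary keys, the sample values and the exact-match lookup of the PSK user entry are assumptions.

```python
import ipaddress
import re

FQDN_RE = re.compile(r"^([A-Za-z0-9-]{1,63}\.)+[A-Za-z]{2,63}$")

def is_ipv4(text):
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False

def id_matches_type(value, id_type):
    """Check an ID string against the four Our ID types listed in the guide."""
    if id_type == "IKE ID":
        return bool(value)
    if id_type == "FQDN":
        return bool(FQDN_RE.match(value))
    if id_type == "User FQDN":
        user, _, domain = value.rpartition("@")
        return bool(user) and bool(FQDN_RE.match(domain))
    if id_type == "IPv4 Address":
        return is_ipv4(value)
    return False

def check_tunnel(local, peer, peer_users):
    """Return findings for the local side of a tunnel (dict keys are hypothetical)."""
    findings = []
    # %s in Our ID is replaced by the router's serial number before sending.
    sent_id = local["our_id"].replace("%s", local["serial"])
    if not id_matches_type(sent_id, local["our_id_type"]):
        findings.append("Our ID does not fit Our ID type")
    if not local["aggressive"]:
        if not is_ipv4(local["remote_id"]):
            findings.append("Aggressive mode Off: Remote ID must be an IP address")
        return findings
    for name in ("our_id", "remote_id"):
        if len(local[name]) > 20:
            findings.append(f"{name} exceeds 20 characters")
    if peer["remote_id"] != sent_id:
        findings.append("peer Remote ID differs from the ID we send")
    # Assumption: the PSK user entry is matched on an exact user name.
    if local["auth"] == "Preshared Keys" and sent_id not in peer_users:
        findings.append("peer has no user entry for our ID (PSK lookup fails)")
    return findings

# Constructed sample configurations, not taken from the guide.
BRANCH = {"our_id": "branch-%s", "our_id_type": "IKE ID", "remote_id": "hq-router",
          "aggressive": True, "auth": "Preshared Keys", "serial": "123456"}
HQ = {"our_id": "hq-router", "our_id_type": "IKE ID", "remote_id": "branch-123456",
      "aggressive": True, "auth": "Preshared Keys", "serial": "654321"}

if __name__ == "__main__":
    print(check_tunnel(BRANCH, HQ, ["admin", "branch-123456"]))
```

Run the check in both directions (swap the local and peer arguments) so that each side's Our ID is compared with the other side's Remote ID.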
RSA Key File