User's guide

| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|--------|----------|-----------|--------|--------------------------|
| eroute | n | espenc | off, null, des, 3des, aes | Use enc encryption on this tunnel |
| eroute | n | enckeybits | 128, 192, 256 | Use enc encryption on this tunnel |
| eroute | n | espauth | off, md5, sha1 | Use auth authentication on this tunnel |
| eroute | n | dhgroup | 0, 1, 2, 3 | Use Diffie Hellman group |
| eroute | n | ikever | 1, 2 | Use IKE n to negotiate this tunnel |
| eroute | n | ikecfg | 0, 1 | Use IKE configuration |
| eroute | n | autosa | 0 = On Demand; 1 = When a route to the destination is available; 2 = All the time | Bring this tunnel up |
| eroute | n | nosa | drop, pass, try | If the tunnel is down and a packet is ready to be sent |
| eroute | n | inact_to | Integer | Bring this tunnel down if it is idle for h hrs m mins s secs. This CLI value is entered in seconds only. |
| eroute | n | ltime | Integer | Renew the tunnel after h hrs m mins s secs. This CLI value is entered in seconds only. |
| eroute | n | lkbytes | Integer | Renew the tunnel after n units of traffic. This CLI value is entered in Kbytes only. |
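The espenc and espauth values listed above include options that provide little or no protection (off, null, des, 3des, md5). The following audit script is an added example, not part of the original guide or the vendor's tooling. It assumes each setting is stored as a line of the form `eroute <instance> <parameter> <value>`, following the table's columns; the sample configuration is constructed, and the choice of which values count as weak is this example's own.

```python
import re

# Values this example treats as weak (the example's own choice, not the guide's).
WEAK = {
    "espenc": {"off": "no ESP encryption",
               "null": "NULL cipher, no confidentiality",
               "des": "56-bit DES key",
               "3des": "64-bit block cipher, deprecated"},
    "espauth": {"off": "no ESP integrity check",
                "md5": "HMAC-MD5, deprecated"},
}
# Assumed line format: eroute <instance> <parameter> <value>
LINE = re.compile(r"^eroute\s+(\d+)\s+(\w+)\s+(\S+)$")

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
eroute 0 espenc aes
eroute 0 enckeybits 256
eroute 0 espauth sha1
eroute 1 espenc des
eroute 1 espauth md5
eroute 2 espenc 3des
"""

def parse(config):
    """Return {instance: {parameter: value}} for every eroute line."""
    tunnels = {}
    for raw in config.splitlines():
        m = LINE.match(raw.strip())
        if m:
            inst, param, value = m.groups()
            tunnels.setdefault(int(inst), {})[param.lower()] = value.lower()
    return tunnels

def audit(config):
    """Return (instance, parameter, value, reason) for each weak or unset setting."""
    findings = []
    for inst, params in sorted(parse(config).items()):
        for param, weak in WEAK.items():
            value = params.get(param)
            if value is None:
                findings.append((inst, param, None, "not set here; check the device default"))
            elif value in weak:
                findings.append((inst, param, value, weak[value]))
    return findings

if __name__ == "__main__":
    for inst, param, value, reason in audit(SAMPLE):
        print(f"eroute {inst} {param}={value}: {reason}")
```
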
Tunnel Negotiation
Configuration – Network > Virtual Private Network (VPN) > IPsec > IPsec Tunnels > IPsec n > Tunnel Negotiation
Enable IKE tracing
This will enable the router to write IKE negotiation information in the analyser trace.
Negotiate a different IP address and Mask
The IPsec tunnel can be configured to negotiate a different local LAN IP address and mask.
The firewall can then be used to translate the source addresses of the packets to a value
that lies within the negotiated range. This is so that a packet can match more than one
IPsec tunnel but will use a different source address (from the peer’s perspective) depending
on which IPsec tunnel gets used.
IP Address
The alternative IP address to negotiate.
Mask