User`s guide
193
The alternative IP mask to negotiate.
Virtual IP Request
Used when the remote peer is a Cisco device using MODECFG to assign a specific IP address
to this router during SA setup negotiations. This is commonly seen in Remote Access (RA)
type VPNs and EasyVPN solutions. The mode to use will depend on the configuration of the
Cisco, seek advice from the Cisco administrator to determine which mode to use.
XAuth ID
Extended Authentication ID for use with Cisco XAUTH.
Related CLI Commands
Entity
Instance
Parameter
Values
Equivalent Web Parameter
eroute n debug on, off Enable IKE tracing
eroute n neglocip IP Address
Negotiate a different IP address
and Mask
eroute n neglocmsk IP Mask
Negotiate a different IP address
and Mask
eroute n vip 0,1,2,3 Virtual IP address
eroute n xauthid String XAuth ID
Advanced
IPsec mode
Selects the IPsec encapsulation type to use on the IPsec tunnel. In Tunnel mode, the entire
IP packet (header and payload) is encrypted. In Transport mode, only the IP payload is
encrypted.
Use algorithm AH authentication on this tunnel
The AH authentication algorithm to use with this IPsec tunnel. The options are:
• No (None)
• MD5
• SHA1
Use algorithm compression on this tunnel
The compression algorithm to use with this IPsec tunnel. The options are:
• No (None)
• DEFLATE
Delete SAs when this tunnel is down
When selected, all SAs associated with the IPsec tunnel are deleted when the tunnel goes
out of service.
Delete SAs when router is not a VRRP master
When selected, at least one Ethernet interface must be set as VRRP Master before the
router can create SAs. If the router switches away from VRRP Master state, the SAs will be
deleted. When the router switches back to VRRP Master state, the SAs will be created
automatically.
Go out of service if automatic establishment fails
The router will take the IPsec tunnel out of service if the automatic establishment fails
rather than continually retrying.