User`s guide
194
Go out of service after n consecutive auto-negotiation failures
The router will take the IPsec tunnel out of service if the auto-negotiation fails for the
specified consecutive number of times rather than continually retrying.
This tunnel can only use apn
When enabled, this parameter allows you to choose between using the main APN or the
backup APN, as defined in the Configuration – Network > Serial > W-WAN Port page.
Link tunnel with interface with x,y
When enabled, this parameter can be set so that the IPsec tunnel will only match packets
using the specified interface. When this parameter is enabled, the route will take outgoing
packets going through this IPsec tunnel and recheck to see if the resultant packet also goes
through a tunnel.
If the inner tunnel is an IPsec tunnel (i.e. needs IKE), you can get the inner IKE to use the
correct source address (matching the outer tunnel selectors) by enabling the Use
secondary IP address parameter and the inner IKE will use the IP address configured in
the Secondary IP address parameter on the Configuration – Network > Advanced
Network Settings page.
Inhibit this IPsec tunnel when IPsec tunnels n are up
This is a list of IPsec tunnels that can inhibit this IPsec tunnel from being used as long as
they are up. If this IPsec tunnel has been allowed to come up, and the IPsec tunnel that
inhibits it comes back up, this IPsec is taken down and any SAs that may have existed are
removed. As soon as an inhibiting IPsec tunnel goes down, the router will check to see if the
inhibited IPsec tunnel can now create SAs.
Inhibit this IPsec tunnel unless IPsec tunnel n is up
This IPsec tunnel will be inhibited unless specified IPsec tunnel is also up.
IKE negotiation source IP address is taken from the
This defines which IP address IKE uses as the source IP address during the negotiation.
Interface
Use the IP address of the interface over which the IKE packets will be transmitted.
Secondary IP address
Use the IP address configured in the Secondary IP address parameter on the
Configuration – Network > Advanced Network Settings page.
Interface x,y
Use the IP address of the specified interface.
Tunnel this IPsec tunnel inside another IPsec tunnel
It is possible to tunnel packets from an IPsec tunnel within a second (or more) tunnel. When
this parameter is enabled.
NAT-Traversal Keepalive timer s seconds
Sets the interval period, in seconds, that the router will use to send regular packets to a
NAT device in order to prevent the NAT table entry from expiring.
Allow protocol IP protocol(s) in this tunnel
This restricts the type of IP packets that will be tunnelled through the IPsec tunnel. The
options are:
• All
• TCP
• UDP
• GRE