User`s guide
195
IP packets with ToS values n must use this tunnel
Packets with matching ToS fields will only be tunnelled through this IPsec tunnel and no
others. The usual traffic selector matching still takes place as normal. Packets that don’t
have matching ToS values will get tunnelled as normal.
The ToS values should be entered as a comma separated list. E.g. 2,4
Only tunnel IP packets with
This restricts the IP packets that will be tunnelled to those with matching TCP/UDP port
numbers.
local TCP/UDP port n
Allow IP packets with matching source TCP/UDP ports to be tunnelled.
remote TCP/UDP port n
Allow IP packets with matching destination TCP/UDP ports to be tunnelled.
local TCP/UDP port in the range of n1 to n2
Allow IP packets with source TCP/UDP ports in the specified range to be tunnelled. This is
only available when IKEv2 is used
remote TCP/UDP port in the range of n1 to n2
Allow IP packets with destination TCP/UDP ports in the specified range to be tunnelled.
This is only available when IKEv2 is used
Related CLI Commands
Entity
Instance
Parameter
Values
Equivalent Web Parameter
eroute n mode tunnel, transport IPsec Mode
eroute n ahauth off, md5, sha1
Use a AH authentication on this
tunnel
eroute n ipcompalg off, deflate Use c compression on this tunnel
eroute n oosdelsa on, off
Delete SAs when this tunnel is
down
eroute n ifvrrpmaster on, off
Delete SAs when router is not a
VRRP master
eroute n nosaoos on, off
Go out of service if automatic
establishment fails
eroute n nosadeactcnt Integer
Go out of service after n
consecutive auto-negotiation
failures
eroute n check_apnbu on, off This tunnel can only use apn
eroute n apnbu
0 = Main APN
1 = Backup APN
This tunnel can only use apn
eroute n ifent blank, ETH, PPP
Link tunnel with interface with x,y
x = Interface type
eroute n ifadd Integer
Link tunnel with interface with x,y
y = Interface number
eroute n inhibitno
Comma separated
Inhibit this IPsec tunnel when