User`s guide
196
Entity
Instance
Parameter
Values
Equivalent Web Parameter
list of Integers
IPsec tunnels n are up
eroute n requireno Integer
Inhibit this IPsec tunnel unless
IPsec tunnel n is up
eroute n usesecip on, off
IKE negotiation source IP address
is taken from the Secondary IP
Address
eroute n ipent blank, ETH, PPP
IKE negotiation source IP address
is taken from the Interface x,y
x = Interface type
eroute n ipadd Integer
IKE negotiation source IP address
is taken from the Interface x,y
y = Interface number
eroute n intunnel on, off
Tunnel this IPsec tunnel inside
another IPsec tunnel
eroute n natkaint Integer
NAT-Traversal Keepalive timer s
seconds
eroute n proto off, tcp, udp, gre
Allow protocol IP protocol(s) in
this tunnel
eroute n toslist
Comma separated
list of Integers
IP packets with ToS values n must
use this tunnel
eroute n locport 0 - 65535
Only tunnel IP packets with local
TCP/UDP port
eroute n remport 0 - 65535
Only tunnel IP packets with
remote TCP/UDP port
eroute n locfirstport 0 - 65535
Only tunnel IP packets with local
TCP/UDP port in the range of n1 to
n2
eroute n loclastport 0 - 65535
Only tunnel IP packets with local
TCP/UDP port in the range of n1 to
n2
eroute n remfirstport 0 - 65535
Only tunnel IP packets with
remote TCP/UDP port in the range
of n1 to n2
eroute n remlastport 0 - 65535
Only tunnel IP packets with
remote TCP/UDP port in the range
of n1 to n2
Setting up IPsec Tunnels for Multiple Users
For small numbers of users it is usual to set up an individual eroute for each user. However,
to ease configuration where large numbers of users are required, the “*” character can be
used as a wildcard to match multiple user IDs. For example, setting the Peer ID parameter
to “Digi*” would match all remote units having an Our ID parameter starting with “Digi”,
e.g. Digi01, Digi02, etc.