User's guide
If the unit receives packets from a local interface that need to be routed through the tunnel,
it performs address translation so that the source address matches the assigned IP address
before encrypting them using the negotiated SA. Some state information is retained so that
packets coming in the opposite direction with matching addresses/ports can have their
destination address set to the source address of the original packet (in the same way as
standard NAT).
If the remote end of the tunnel is to be able to access units connected to the local interface,
the unit that has been assigned the virtual IP address needs to have some static NAT
entries set up. When a packet is received through the tunnel, the unit first looks up
existing NAT entries, then static NAT entries, to see if the destination address/port
should be modified, and forwards the packet to the new address. If a static NAT mapping is
found, the unit creates a dynamic NAT entry that will be used for the duration of the
connection. If no dynamic or stateful entry is found, the packet is directed to the local
protocol handlers.
External Port
The lowest destination port number to be matched if the packet is to be redirected.
Forward to Internal IP Address
An IP address to which packets containing the specified destination port number are to be
redirected.
Forward to Internal Port
A port number to which packets containing the specified destination port number are to be
redirected.
Port Range Count
The number of ports to be matched.
Related CLI Commands
Entity    Instance  Parameter  Values      Equivalent Web Parameter
tunsnat   n         minport    0 - 65535   External Port
tunsnat   n         maxport    0 - 65535   Port Range Count
tunsnat   n         ipaddr     IP Address  Forward to Internal IP Address
tunsnat   n         mapport    0 - 65535   Forward to Internal Port
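The lookup order described above for packets arriving through the tunnel, modelled as an added example (not code from this guide or from the unit's firmware). The class and field names, the connection key, the rule that a port's offset within the range is preserved on the internal side, and the sample addresses are all assumptions made for illustration.

```python
# Added illustration: a model of the lookup order in the text, not device firmware.
from dataclasses import dataclass

@dataclass(frozen=True)
class StaticNat:            # one "tunsnat n" entry; field names are hypothetical
    external_port: int      # External Port: lowest destination port matched
    range_count: int        # Port Range Count: number of ports matched
    internal_ip: str        # Forward to Internal IP Address
    internal_port: int      # Forward to Internal Port

    def translate(self, dport):
        offset = dport - self.external_port
        if 0 <= offset < self.range_count:
            # Assumption: the offset within the range is kept on the internal side.
            return self.internal_ip, self.internal_port + offset
        return None

class TunnelNat:
    def __init__(self, static_entries):
        self.static_entries = list(static_entries)
        self.dynamic = {}   # assumed connection key -> (internal ip, internal port)

    def inbound(self, src_ip, src_port, dport, proto="tcp"):
        """Return (decision, target) for a packet received through the tunnel."""
        key = (src_ip, src_port, dport, proto)
        if key in self.dynamic:                 # 1. existing NAT entries first
            return "dynamic", self.dynamic[key]
        for entry in self.static_entries:       # 2. then static NAT entries
            target = entry.translate(dport)
            if target is not None:
                self.dynamic[key] = target      # kept for the rest of the connection
                return "static", target
        return "local", None                    # 3. local protocol handlers

    def exposed(self):
        """Audit view: every tunnel-facing port that reaches an internal host."""
        return {e.external_port + i: (e.internal_ip, e.internal_port + i)
                for e in self.static_entries for i in range(e.range_count)}

# Constructed sample entries (addresses and ports are illustrative only).
NAT = TunnelNat([StaticNat(8080, 1, "192.168.1.10", 80),
                 StaticNat(5000, 3, "192.168.1.20", 6000)])
```

Reviewing the output of exposed() against the intended service list shows exactly which internal hosts the remote end of the tunnel can reach through the static entries.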
IKEv2
Configuration - Network > Virtual Private Networking (VPN) > IPsec > IKEv2
When IKE Version 2 is supported, it is possible to specify whether the IKEv1 or IKEv2
protocol should be used to negotiate IKE SAs. By default, IKEv1 is used and routers which
have been upgraded to support IKEv2 will not require any changes to their configuration to
continue working with IKEv1.
IKEv2 n
Configuration - Network > Virtual Private Networking (VPN) > IPsec > IKEv2 > IKEv2 n
Use the following settings for negotiation
Defines the settings used during the IKEv2 negotiation.