User's guide

Enable IPsec on this interface
This parameter is used to enable or disable IPsec security features for this Ethernet
interface.
Use interface x,y for the source IP address of IPsec packets
By default, the source IP address for an IPsec Eroute will be the IP address of the
interface on which IPsec was enabled. By setting this parameter to either PPP or Ethernet
and the relevant interface number, the source address used by IPsec will match that of
the Ethernet or PPP interface specified.
Enable the firewall on this interface
This parameter is used to turn Firewall script processing “On” or “Off” for this interface.
Remote management access
The Remote access options parameter can be set to “No restrictions”, “Disable
management”, “Disable return RST” or “Disable management & return RST”. When set to “No
restrictions”, users on this interface can access the unit’s Telnet, FTP and web services for
the purpose of managing the unit.
When set to “Disable management”, users on this interface are prevented from managing
the unit via Telnet, FTP or the web interface.
Disable return RST - whenever a unit receives a TCP SYN packet for one of its own IP
addresses with the destination port set to an unexpected value, i.e. a port on which the unit
would not normally expect to receive TCP traffic, it will reply with a TCP RST packet. This is
normal behaviour.
However, the nature of internet traffic is such that whenever an internet connection is
established, TCP SYN packets are to be expected. As the router’s PPP inactivity timer is
restarted each time the unit transmits data (but not when it receives data), the standard
response of the unit to SYN packets i.e. transmitting an RST packet, will restart the
inactivity timer and prevent the unit from disconnecting the link even when there is no
“genuine” traffic. This effect can be prevented by using the appropriate commands and
options within the firewall script. However, on Digi 1000 series units, or where you are not
using a firewall, the same result can be achieved by selecting this option, i.e. when this
option is selected the normal behaviour of the unit in responding to SYN packets with RST
packets is disabled. The option will also prevent the unit from responding to unsolicited UDP
packets with the normal ICMP destination unreachable responses.
The “Disable management & return RST” option prevents users from managing the unit via
the Telnet, FTP and web interfaces and also disables the transmission of TCP RST packets as
above.
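The interaction between unsolicited packets and the PPP inactivity timer described above can be modelled as follows. This is an added example, not Digi code: the Packet type, the link_drop_time function, the 60-second timeout and the sample traffic are all constructed for illustration, and the model assumes that any reply the unit sends (RST, ICMP unreachable or a reply from a listening service) counts as transmitted data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    t: int      # arrival time, seconds since the link came up
    proto: str  # "tcp" (a SYN) or "udp"
    port: int   # destination port on the unit

def link_drop_time(packets, timeout, listening, disable_return_rst, horizon):
    """Return the second at which the PPP link drops for inactivity,
    or None if it is still up at `horizon`.

    The timer restarts only when the unit transmits; received packets
    alone never restart it (as stated in the text above).
    """
    last_tx = 0  # assumption: link establishment is the last transmission
    for p in sorted(packets, key=lambda p: p.t):
        if p.t >= horizon:
            break
        if p.t - last_tx >= timeout:
            return last_tx + timeout  # timer expired before this packet
        unsolicited = (p.proto, p.port) not in listening
        if unsolicited and disable_return_rst:
            continue  # dropped silently: no RST / ICMP unreachable sent
        # Otherwise the unit replies, and that transmission restarts the timer.
        last_tx = p.t
    drop = last_tx + timeout
    return drop if drop <= horizon else None

# Constructed background noise: one unsolicited packet every 40 seconds.
TARGETS = [("tcp", 445), ("tcp", 3389), ("udp", 1900), ("tcp", 8080)] * 4
NOISE = [Packet(t, proto, port)
         for t, (proto, port) in zip(range(40, 600, 40), TARGETS)]
# Constructed probes against a web management port left open on the interface.
WEB_PROBES = [Packet(t, "tcp", 80) for t in range(40, 600, 40)]

if __name__ == "__main__":
    # Default behaviour: every RST/ICMP reply keeps the link up.
    print(link_drop_time(NOISE, 60, set(), False, 600))
    # "Disable return RST": no replies, so the link idles out.
    print(link_drop_time(NOISE, 60, set(), True, 600))
    # Caveat: a reachable management service still answers and holds the link up.
    print(link_drop_time(WEB_PROBES, 60, {("tcp", 80)}, True, 600))
```

The third case shows why “Disable management & return RST” exists as a separate option: suppressing RST alone does not stop replies from services that remain reachable on the interface.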
Multihome additional consecutive addresses
This parameter defines how many additional (consecutive) addresses the Ethernet driver will
“own”. For example, if the IP address of the interface was 10.3.20.40, and Multihome
additional consecutive addresses was set to 3, the IP addresses 10.3.20.41, 10.3.20.42 and
10.3.20.43 would also belong to the Ethernet interface.
Respond to ARP requests only if the requestor is of this network
When this parameter is enabled, the Ethernet context will only respond to an ARP request if
the source IP address in the request belongs to the network configured on the Ethernet instance.
Enable IGMP on this interface