Specifications
52 MDS Orbit MCR-4G Technical Manual MDS 05-6628A01, Rev. A
            connection <name> {
                ike-peer <reference-to-ike-peer>;
                ipsec-policy <reference-to-ipsec-policy>;
                local-ip-subnet <x.x.x.x/len>;
                remote-ip-subnet <y.y.y.y/len>;
                failure-retry-interval 1;
                is-out-of-band-ima <true|false>;
            }
        }
    }
}
Firewall Filters for the Cellular Interface
When setting up an IPsec VPN over a cellular interface, it is recommended to configure the following firewall filters and apply them to the cellular interface. Apply the IN_UNTRUSTED filter to incoming traffic and the OUT_UNTRUSTED filter to outgoing traffic.
filter IN_UNTRUSTED {
    rule 1 {
        match {
            protocol udp;
            src-port {
                services [ dns ike ntp ];
            }
        }
        actions {
            action accept;
        }
    }
    rule 2 {
        match {
            protocol esp;
        }
        actions {
            action accept;
        }
    }
    rule 3 {
        match {
            protocol icmp;
        }
        actions {
            action accept;
        }
    }
    rule 4 {
        match {
            ipsec {
                direction in;
                tunnel-src-address <VPN SERVER IP ADDRESS>/32;
                tunnel-dst-address <CELL INTERFACE IP ADDRESS>/32;
            }
        }
        actions {
            action accept;
        }
    }
    rule 10 {
        match {
            protocol all;
        }
        actions {
            action drop;
        }
    }
}
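As an added illustration (not part of the manual), the following Python model shows how IN_UNTRUSTED classifies inbound packets. It assumes rules are evaluated in ascending number with the first match deciding, that dns, ike and ntp mean UDP ports 53, 500 and 123, and that the ipsec match applies to packets decapsulated from the named tunnel; the two addresses and the packet fields are constructed placeholders.

```python
import re

# IN_UNTRUSTED from the manual, one rule per line. The two addresses are
# constructed placeholders (RFC 5737 documentation ranges).
CONFIG = """
filter IN_UNTRUSTED {
 rule 1 { match { protocol udp; src-port { services [ dns ike ntp ]; } } actions { action accept; } }
 rule 2 { match { protocol esp; } actions { action accept; } }
 rule 3 { match { protocol icmp; } actions { action accept; } }
 rule 4 { match { ipsec { direction in; tunnel-src-address 203.0.113.10/32;
                          tunnel-dst-address 198.51.100.20/32; } } actions { action accept; } }
 rule 10 { match { protocol all; } actions { action drop; } }
}
"""
# Assumed well-known ports; the device's own service definitions may differ.
SERVICE_PORTS = {"dns": 53, "ike": 500, "ntp": 123}

def parse(tokens):
    """Parse 'key [arg] { ... }' blocks and 'key value;' leaves into nested dicts."""
    node = {}
    while tokens and tokens[0] != "}":
        words = []
        while tokens[0] not in ("{", ";"):
            words.append(tokens.pop(0))
        if tokens.pop(0) == "{":
            node[" ".join(words)] = parse(tokens)
            tokens.pop(0)  # consume the closing brace of this block
        else:
            node[words[0]] = [w for w in words[1:] if w not in ("[", "]")]
    return node

def verdict(rules, pkt):
    """Return (rule, action) for pkt; first match in ascending rule number wins (assumed)."""
    for name in sorted(rules, key=lambda r: int(r.split()[1])):
        m = rules[name]["match"]
        proto = m.get("protocol", ["all"])[0]
        if proto != "all" and proto != pkt["proto"]:
            continue
        ports = {SERVICE_PORTS[s] for s in m.get("src-port", {}).get("services", [])}
        if ports and pkt.get("sport") not in ports:
            continue
        t = m.get("ipsec")  # pkt["tunnel"] = (src, dst) of the tunnel it was decapsulated from
        if t and pkt.get("tunnel") != (t["tunnel-src-address"][0], t["tunnel-dst-address"][0]):
            continue
        return name, rules[name]["actions"]["action"][0]
    return None, "no-match"

RULES = parse(re.findall(r"[{};]|[^\s{};]+", CONFIG))["filter IN_UNTRUSTED"]
```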
filter OUT_UNTRUSTED {
    rule 1 {
        match {
            src-address {
                address <CELL INTERFACE IP ADDRESS>/32;
            }