User guide
229
CONFIG Commands
set security ipsec tunnels name "123" encrypt-protocol
(ESP) { ESP | none }
Sets the encryption protocol for the specified tunnel.
set security ipsec tunnels name "123" auth-protocol
(ESP) {AH | ESP | none}
Sets the authorization protocol for the specified tunnel.
IPSec MTU Some ISPs require a setting of e.g. 1492 (or other value). The default
1500 is the most common and you usually don’t need to change this
unless otherwise instructed. Accepted values are from 100 – 1500.
This is the starting value that is used for the MTU when the IPSec tunnel is
installed. It specifies the maximum IP packet length for the encapsulated
AH or ESP packets sent by the router. The MTU used on the IPSec connec-
tion will be automatically adjusted based on the MTU value in any received
ICMP can't fragment error messages that correspond to IPSec traffic initi-
ated from the router. Normally the MTU only requires manual configuration
if the ICMP error messages are blocked or otherwise not received by the
router.
Xauth Enable Extended Authentication (XAuth), an extension to the Internet Key
Exchange (IKE) protocol. The Xauth extension provides dual authentication
for a remote user’s Netopia Gateway to establish a VPN, authorizing net-
work access to the user’s central office. IKE establishes the tunnel, and
Xauth authenticates the specific remote user's Gateway. Since NAT is sup-
ported over the tunnel, the remote user network can have multiple PCs
behind the client Gateway accessing the VPN. By using XAuth, network VPN
managers can centrally control remote user authentication.
Xauth Username/
Password
Xauth authentication credentials.