User Documentation
Version 1.2 / August 2020 Page 56 / 102
Remote ID
The peer will identify (not authenticate) itself with this ID depending
on the chosen authentication method.
PSK: If no remote id is given the IP address of the remote site is
checked. Entering the IP address is not the same as leaving the
field empty! The remote ID must not contain blanks.
Certificate: The complete certificate info of the peer must be specified.
In case of another Weidmüller Security Router you can copy
and paste the certificate info (C=… ST=… ) from its certificates
page. The order of info elements C, ST, L, O, OU, CN, E must be
kept and all elements separated by a comma followed by a blank.
Note: The remote ID must match exactly except when you are waiting
for road warriors using certificates. In that case all fields must still be
present, but “*” may be used as a wildcard (e.g. CN=*). For a road
warrior setup with PSK no IDs should be used.
Note: The remote ID should be unique. If several connections share
the same ID, their tunnels will periodically be built up and torn
down (traffic with interruptions is possible though).
Remote subnet
This is the remote subnet to which the traffic coming from the local
subnet is encrypted when going out via the given interface. The
subnet must be defined as IP/Network mask, e.g. 192.168.0.0/24. If
no subnet is given, the IP address of the interface itself is used.
Note: The local and remote subnet must not be equal!
Note: Routed traffic is not generally encrypted! Only traffic between
exactly the local and the remote network gets encrypted! For instance,
if you use two Weidmüller Security Routers and leave both
subnets empty, the IPsec tunnel will be established between the two
routers. Then only traffic originating from one router and destined to the
other router is encrypted. The traffic that is routed via both devices
from networks behind them is not encrypted at all.
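The subnet rule above can be checked against a planned configuration before it is deployed. The following Python check is an added example, not part of the Weidmüller documentation or the router's software; it models the rule as "a flow is encrypted only if one end lies in the local selector and the other in the remote selector", treats an empty subnet field as the router's own address, and uses constructed addresses.

```python
import ipaddress

# Constructed sample topology (documentation address ranges, not from the manual).
ROUTER_A, LAN_A = "203.0.113.1", "192.168.1.0/24"
ROUTER_B, LAN_B = "203.0.113.2", "192.168.2.0/24"
FLOWS = [
    ("192.168.1.10", "192.168.2.20"),  # host behind A -> host behind B
    ("203.0.113.1", "203.0.113.2"),    # router A -> router B
]


def selector(subnet, router_ip):
    """Network protected at one tunnel end; an empty field means the router's own IP."""
    if subnet:
        # strict=True rejects entries with host bits set, e.g. 192.168.0.5/24
        return ipaddress.ip_network(subnet, strict=True)
    return ipaddress.ip_network(router_ip)  # single-host network (/32 for IPv4)


def tunnel(local_subnet, local_ip, remote_subnet, remote_ip):
    """Build the (local, remote) selector pair and refuse equal subnets."""
    local = selector(local_subnet, local_ip)
    remote = selector(remote_subnet, remote_ip)
    if local == remote:
        raise ValueError("local and remote subnet must not be equal")
    return local, remote


def is_encrypted(src, dst, local, remote):
    """True only if the flow runs between exactly the two selector networks."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return (s in local and d in remote) or (s in remote and d in local)


def unprotected(flows, local, remote):
    """Flows that would leave the router in clear text under this model."""
    return [f for f in flows if not is_encrypted(f[0], f[1], local, remote)]


if __name__ == "__main__":
    for name, cfg in {
        "both subnets empty": (None, ROUTER_A, None, ROUTER_B),
        "LAN subnets set": (LAN_A, ROUTER_A, LAN_B, ROUTER_B),
    }.items():
        print(name, "-> not encrypted:", unprotected(FLOWS, *tunnel(*cfg)))
```

With both fields empty the LAN-to-LAN flow is reported as unprotected; with the LAN subnets entered, the router-to-router flow is the one that falls outside the selectors.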
Note
By default, the Router uses the parameters AES128, MD5, DH group 2 for Main-Mode and
AES128, SHA1 for Quick-Mode.
Authentication by “Aggressive-Mode” is not supported for security reasons!
VPN → IPsec (Tab State)
Menu
Configuration → VPN → IPsec → Tab “State”
Function
Displays all IPsec tunnels and their state










