Configuration - Page 25
The table below details the parameters that are included on the Main tab of the IPSec
Security menu.
Main tab: Name
Description: A unique name for the tunnel.

Main tab: Local Configuration (IP Address, IP Mask) and Remote Configuration (IP Address, IP Mask)
Description: The IP Address and IP Mask are used in conjunction with each other to configure and set the conditions for this Security Association (SA) with regard to inbound and outbound IP packets.
In order to understand the relationship between the Local and Remote configuration when setting the conditions of the policy, the direction of the packet must be considered.
With respect to the local system, an IP packet is inbound or outbound to the IPSec tunnel. The table below details the relationship between the Local and Remote configuration in these two cases.

Inbound (from tunnel):
• Local IP Address/Mask defines the destination IP address.
• Remote IP Address/Mask defines the source IP address.
• For any received IPSec encapsulated packet there must be a match on the SA for the destination and source IP addresses, else the packet is discarded.

Outbound (into tunnel):
• Local IP Address/Mask defines the source IP address.
• Remote IP Address/Mask defines the destination IP address.
• For any IP packet that is to be forwarded, IP Office determines a match to a SA on the basis of source and destination IP addresses.
• When an IP packet is matched in this way it is forwarded with IPSec encapsulation (ESP).
• When an IP packet is not matched in this way it is forwarded without IPSec encapsulation.

Main tab: Local Configuration (Tunnel Endpoint IP Address)
Description: The local source IP address that is to be used to establish the SA to the remote peer. If left unconfigured, IP Office will use the IP address of the local interface on which the tunnel is to be originated, except in the case of a numbered PPP link. In this case, the IP Address that is assigned to the PPP service must be used. See IPSec over the WAN on page 49.

Main tab: Remote Configuration (Tunnel Endpoint IP Address)
Description: The IP address of the peer to which a SA must be established before packets for the specified local and remote addresses can be forwarded.
Note:
The term Main tab does not relate to the IPSec Main mode (IPSec Main
mode is the function of the IKE tab, see page 28).
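
The inbound and outbound matching rules above, as an added Python example (not code from this manual or from IP Office): it shows that an outbound packet missing the SA's address/mask pair is forwarded without IPSec, so a mask that is too narrow sends traffic in cleartext. The SA model, function names, addresses and first-match ordering are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class SA:
    """Constructed model of one tunnel's Main tab address settings."""
    name: str
    local: ipaddress.IPv4Network   # Local Configuration: IP Address / IP Mask
    remote: ipaddress.IPv4Network  # Remote Configuration: IP Address / IP Mask


def make_sa(name, local_ip, local_mask, remote_ip, remote_mask):
    def net(ip, mask):
        return ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    return SA(name, net(local_ip, local_mask), net(remote_ip, remote_mask))


def outbound(sas, src, dst):
    """Packet to be forwarded: Local matches the source, Remote the destination."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for sa in sas:  # assumption: the first matching SA is used
        if src in sa.local and dst in sa.remote:
            return f"ESP via {sa.name}"
    return "forward without IPSec"  # no match: the packet is not encapsulated


def inbound(sa, src, dst):
    """Packet received IPSec encapsulated: Local matches the destination, Remote the source."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return "accept" if dst in sa.local and src in sa.remote else "discard"


# Constructed policy: the remote mask covers only 10.2.0.0/24, although the
# remote site in this scenario also uses 10.2.5.0/24.
SAS = [make_sa("HQ-to-Branch", "10.1.0.0", "255.255.0.0", "10.2.0.0", "255.255.255.0")]

if __name__ == "__main__":
    for src, dst in [("10.1.0.5", "10.2.0.9"), ("10.1.0.5", "10.2.5.9")]:
        print(f"outbound {src} -> {dst}: {outbound(SAS, src, dst)}")
    for src, dst in [("10.2.0.9", "10.1.0.5"), ("10.2.5.9", "10.1.0.5")]:
        print(f"inbound  {src} -> {dst}: {inbound(SAS[0], src, dst)}")
```

Running the same check over the address pairs that are expected to be protected, before a tunnel goes live, shows which of them would leave the local system unencapsulated.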
IP Office (R3.0) Virtual Private Networking
40DHB0002UKER Issue 3 (4th February 2005)
IPSec Configuration