IPsec Support
• IPsec
Selecting Enable will launch the IPsec process and start all enabled tunnels. Selecting Disable will stop all tunnels
and shut down the IPsec process. Note that all enabled tunnels will be launched automatically when the unit
connects to the cellular carrier.
• NAT Mode
Determines how packets are addressed. Selecting Bypass will allow packets coming from Local Subnet addresses
through the NAT firewall unchanged. This may be sufficient when traffic only travels from Local Subnet to Remote
Subnet. (LAN Settings » Bind to Eth IP may need to be enabled to make sure that packets generated by Vanguard
services appear to originate from a Local Subnet address.) NAT changes the source address to match the Status »
PPP IP Address. NAT-Traversal enables the NAT-T protocol, which can support traffic beyond just the Local and
Remote Subnets.
Tunnel Monitor
To supplement Dead Peer Detection, tunnels can be monitored by sending periodic pings, with the
tunnels being restarted if the pings repeatedly fail. Tunnel monitoring is controlled by the following parameters.
• IP Address 1 & IP Address 2
Up to two addresses may be entered. Only those tunnels where the IP address matches the Remote IP Address or
belongs to the Local Subnet or Remote Subnet are monitored. A value of 0.0.0.0 disables monitoring.
• Delay
How often, in seconds, to send pings over the tunnel.
• Fail count threshold
The number of successive pings that need to fail to cause the tunnel to be restarted.
• Success count threshold
The number of successive pings that need to succeed for the tunnel to be considered “up” and for the process of
counting failed pings to begin.
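The monitoring rules above, modelled as an added example (this is not the modem's firmware code): which tunnels a monitor address applies to, and at which ping a restart would be triggered. The tunnel field names and sample addresses are constructed, and starting the counters over after a restart is an assumption.

```python
import ipaddress

def monitored_tunnels(monitor_ip, tunnels):
    """Return the labels of the tunnels a monitor address applies to."""
    ip = ipaddress.ip_address(monitor_ip)
    if ip == ipaddress.ip_address("0.0.0.0"):  # 0.0.0.0 disables monitoring
        return []
    hits = []
    for t in tunnels:
        nets = [ipaddress.ip_network(t["local_subnet"]),
                ipaddress.ip_network(t["remote_subnet"])]
        # Monitored if the address is the remote endpoint or lies in either subnet
        if ip == ipaddress.ip_address(t["remote_ip"]) or any(ip in n for n in nets):
            hits.append(t["label"])
    return hits

def restart_points(ping_results, fail_threshold, success_threshold):
    """Return the indexes of the pings at which the tunnel would be restarted."""
    up = False
    ok_run = fail_run = 0
    restarts = []
    for i, ok in enumerate(ping_results):
        if ok:
            ok_run += 1
            fail_run = 0               # failures must be successive
            if ok_run >= success_threshold:
                up = True              # failed pings are only counted from here on
        else:
            ok_run = 0
            if up:
                fail_run += 1
                if fail_run >= fail_threshold:
                    restarts.append(i)
                    up = False         # assumption: counting starts over after a restart
                    fail_run = 0
    return restarts

# Constructed sample tunnels (documentation address ranges)
TUNNELS = [
    {"label": "hq", "remote_ip": "203.0.113.10",
     "local_subnet": "192.168.1.0/24", "remote_subnet": "10.10.0.0/16"},
    {"label": "scada", "remote_ip": "198.51.100.7",
     "local_subnet": "192.168.1.0/24", "remote_subnet": "10.20.0.0/16"},
]
# Constructed ping history: True = reply received, False = ping failed
PINGS = [False, False, False, True, True, False, True, False, False, False, True]

if __name__ == "__main__":
    print(monitored_tunnels("10.10.5.1", TUNNELS))
    print(restart_points(PINGS, fail_threshold=3, success_threshold=2))
```

In the sample history the three failures at the start trigger nothing because the tunnel has not yet been counted as up, and the lone failure at index 5 is cancelled by the success that follows it.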
Tunnel Configuration
• Tunnel Item
The tunnel number, which starts from 1 and increments for each new tunnel. To update an existing tunnel, use its
corresponding number from the Tunnel Table. To add a new tunnel, add one to the item number of the tunnel listed
last in the Tunnel Table.
• Label
This is a label to identify a tunnel and corresponds to the name specified for the remote endpoint.
• Remote IP Address
The IP address of the remote endpoint of the tunnel.
Vanguard 3000 Series Multicarrier Cellular Data Modem & IP Router PN 001-7300-100 Rev. B