6-20 Firmware User Guide
• Specifying IKE key management alters the Advanced IP Profile Options screen as follows:
• You can specify a Local Tunnel Endpoint Address. If not 0.0.0.0, this value must be one of the assigned interface addresses, either WAN or LAN. This is used as the source address of all IPsec traffic.
• You can specify a Next Hop Gateway. If you specify the Remote Tunnel Endpoint Address, and the address is in the same subnet as the Remote Members Network you specified in the IP Profile Parameters, the Next Hop Gateway option allows you to enter the address by which the Router partner is reached.
If you do not specify the Remote Tunnel Endpoint Address, the Router will use the default gateway to reach the partner. If the partner should be reached via an alternate port (for example, the LAN instead of the WAN), the Next Hop Gateway field allows this path to be resolved.
• You can specify an Idle Timeout (seconds) value. The idle timeout tells the Router that if no traffic passes through the tunnel for the specified number of seconds, no automatic SA re-key should be performed. When new traffic does pass through the tunnel, the idle timeout interval resets again when the current SAs expire.
If you set the value to zero, the Router will re-key the SA whenever the SA Lifetime interval specifies, regardless of whether traffic is passing through it or not. This will effectively “nail up” the tunnel.
• Maximum Packet Size permits you to modify the MTU setting for the tunnel. Some ISPs require a setting of e.g. 1492 (or other value). The default 1500 is the most common and you usually don’t need to change this unless otherwise instructed. Accepted values are from 100 to 1500.
This is the starting value that is used for the MTU when the IPSec tunnel is installed. It specifies the maximum IP packet length for the encapsulated AH or ESP packets sent by the router. The MTU used on the IPSec connection will be automatically adjusted based on the MTU value in any received ICMP "can't fragment" error messages that correspond to IPSec traffic initiated from the router. Normally the MTU only requires manual configuration if the ICMP error messages are blocked or otherwise not received by the router.
Advanced IP Profile Options
Local Tunnel Endpoint Address: 0.0.0.0
Next Hop Gateway: 0.0.0.0
Idle Timeout (seconds): 300
Maximum Packet Size: 1500
Enter an IP address in decimal and dot form (xxx.xxx.xxx.xxx).
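
A pre-deployment check of the four fields on this screen against the constraints described above, as an added example (not part of the firmware or the original guide). The function name, its extra arguments and the sample addresses are assumptions for illustration; reporting an unset Next Hop Gateway when the remote endpoint lies inside the Remote Members Network is an interpretation of the text.

```python
import ipaddress

UNSET = ipaddress.ip_address("0.0.0.0")

def check_profile(opts, interface_addrs, remote_members_net, remote_endpoint=None):
    """Return findings for one set of Advanced IP Profile Options.

    opts is keyed by the field names shown on the screen. The other
    arguments (hypothetical) come from the rest of the router config.
    """
    findings = []

    # Local endpoint: 0.0.0.0 or one of the assigned WAN/LAN addresses.
    local = ipaddress.ip_address(opts["Local Tunnel Endpoint Address"])
    if local != UNSET and local not in {ipaddress.ip_address(a) for a in interface_addrs}:
        findings.append("Local Tunnel Endpoint Address is not an assigned WAN or LAN address")

    # Remote endpoint inside the Remote Members Network: the partner
    # cannot be resolved from that subnet, so a next hop is expected.
    next_hop = ipaddress.ip_address(opts["Next Hop Gateway"])
    if remote_endpoint is not None:
        members = ipaddress.ip_network(remote_members_net, strict=False)
        if ipaddress.ip_address(remote_endpoint) in members and next_hop == UNSET:
            findings.append("remote endpoint is inside Remote Members Network; set Next Hop Gateway")

    # Idle timeout 0 is valid but keeps SAs re-keyed with no traffic.
    if int(opts["Idle Timeout (seconds)"]) == 0:
        findings.append("note: Idle Timeout 0 re-keys every SA Lifetime (tunnel nailed up)")

    # Starting MTU for the tunnel: accepted values are 100 to 1500.
    if not 100 <= int(opts["Maximum Packet Size"]) <= 1500:
        findings.append("Maximum Packet Size outside accepted range 100-1500")
    return findings

# Constructed sample input: the screen defaults, then a profile with problems.
DEFAULTS = {"Local Tunnel Endpoint Address": "0.0.0.0", "Next Hop Gateway": "0.0.0.0",
            "Idle Timeout (seconds)": "300", "Maximum Packet Size": "1500"}
SUSPECT = {"Local Tunnel Endpoint Address": "192.0.2.99", "Next Hop Gateway": "0.0.0.0",
           "Idle Timeout (seconds)": "0", "Maximum Packet Size": "1600"}
INTERFACES = ["192.0.2.1", "10.0.0.1"]   # constructed WAN and LAN addresses

if __name__ == "__main__":
    print(check_profile(DEFAULTS, INTERFACES, "10.1.0.0/24"))
    for finding in check_profile(SUSPECT, INTERFACES, "10.1.0.0/24", "10.1.0.5"):
        print(finding)
```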