P-660RU-Tx v 3 Series Support Note s
15. Can the P -660RU-Tx v3's SUA (Simple IP) ha ndle IPSec packets sent by
the IPSec ga teway?
Yes, the P-660 RU-Tx v3 's SUA can handle IPSec ESP Tunneling mode. We
know when packets go through SU A; SU A will change the source IP address
and source port for the h ost. To pass IPSec packets, SU A must understand the
ESP packet wi th protocol number 50; replace the source IP address of the
IPSec gatewa y to the router's WAN IP address. However, SU A should not
change the source port of the UD P packets which are used for ke y
m anagements. Because the remote gateway checks this source port during
connections, the port thus is not allowed to be changed.
16. How do I setup P-660 RU-Tx v3 for r outing IPSec packets over SUA?
For ou tgoing IPSec tunnels, no extra setting is required.
For forwarding the inbound IPSec ESP tunnel, A 'Default' server set is required .
You could configure it in Web Configurato r, Ad vanced Setup,
Advanced Setup
-> NAT -> DMZ:
Note
: First we should set
Num ber of IP
s as
Single
for SU A use.
It is beca use SU A makes you r L AN ap pear as a single machine to the ou tside
world. L AN users are in visible to ou tside users. So , to make an internal server
for outside access, we must speci fy th e servi ce po rt and the L AN IP o f this
server in Web configu ra tion page . Th us SU A is able to forwa rd the incoming
packets to the requested service behind SU A and the ou tside users access
the server using the P -660RU-Tx v3 's WAN IP address. So, we ha ve to
configu re the in ternal IPSec clien t as a de faul t server (unspeci fied service port)
when it a cts a server ga tewa y.
14
All contents copyright © 2008 Zy XEL Communications Corporation.
Summary of Contents for P-660RU-Tx v3 SERIES
Page 64: ......
