To use the IP address transfer over ISDN function, you must obtain a free-of-charge
extra licence.
You can obtain the licence data for extra licences via the online licensing pages in the
support section at
. Please follow the online licensing instruc-
Before System Software Release 7.1.4, IPSec ISDN callback only supported tunnel setup if
the current IP address of the initiator could be determined by indirect means (e.g. via
DynDNS). However, DynDNS has serious disadvantages, such as the latency until the IP
address is actually updated in the database. This can mean that the IP address propagated
via DynDNS is not correct. This problem is avoided by transferring the IP address over
ISDN. This type of transfer of dynamic IP addresses also enables the more secure ID Pro-
tect mode (main mode) to be used for tunnel setup.
Method of operation: Various modes are available for transferring your own IP address to
the peer: The address can be transferred free in the D channel or in the B channel, but
here the call must be accepted by the remote station and therefore incurs costs. If a peer
whose IP address has been assigned dynamically wants to arrange for another peer to set
up an IPSec tunnel, it can transfer its own IP address as per the settings described in
Fields in the menu IPv4 IPSec Callback
on page 250. Not all transfer modes are supported
by all telephone companies. If you are not sure, automatic selection by the device can be
used to ensure that all the available possibilities can be used.
The callback configuration should be the same on the two devices so that your device
is able to identify the IP address information from the called peer.
The following roles are possible:
• One side takes on the active role, the other the passive role.
• Both sides can take on both roles (both).
The IP address transfer and the start of IKE phase 1 negotiation take place in the following
Peer A (the callback initiator) sets up a connection to the Internet in order to be as-
signed a dynamic IP address and be reachable for peer B over the Internet.
Your device creates a token with a limited validity and saves it together with the cur-
bintec elmeg GmbH
14 VPN
be.IP 4isdn