Virtual Private Networks (VPN)
IPsec
TX54 User Guide
403
l
The firewall zone of the IPsec tunnel.
l
The routing metric for routes associated with this IPsec tunnel.
l
The authentication type and pre-shared key or other applicable keys and certificates.
If SCEP certificates will be selected as the Authentication type, create the SCEP client prior
to configuring the IPsec tunnel. See
Configure a Simple Certificate Enrollment Protocol
for instructions.
l
The local endpoint type and ID values, and the remote endpoint host and ID values.
n
IKE configuration items
l
The IKE version, either IKEv1 or IKEv2.
l
Whether to initiate a key exchange or wait for an incoming request.
l
The IKE mode, either main aggressive.
l
The IKE authentication protocol to use for the IPsec tunnel negotiation during phase 1 and
phase 2.
l
The IKE encryption protocol to use for the IPsec tunnel negotiation during phase 1 and
phase 2.
l
The IKE Diffie-Hellman group to use for the IPsec tunnel negotiation during phase 1 and
phase 2.
n
Enable dead peer detection and configure the delay and timeout.
n
Destination networks that require source NAT.
n
Active recovery configuration. See
Configure SureLink active recovery for IPsec
for information
about IPsec active recovery.
Additional configuration items
The following additional configuration settings are not typically configured to get an IPsec tunnel
working, but can be configured as needed:
n
Determine whether the device should use UDP encapsulation even when it does not detect
that NAT is being used.
n
If using IPsec failover, identify the primary tunnel during configuration of the backup tunnel.
n
The Network Address Translation (NAT) keep alive time.
n
The protocol, either Encapsulating Security Payload (ESP) or Authentication Header (AH).
n
The management priority for the IPsec tunnel interface. The active interface with the highest
management priority will have its address reported as the preferred contact address for
central management and direct device access.
n
Enable XAUTH client authentication, and the username and password to be used to
authenticate with the remote peer.
n
Enable Mode-configuration (MODECFG) to receive configuration information, such as the
private IP address, from the remote peer.
n
Disable the padding of IKE packets. This should normally not be done except for compatibility
purposes.
n
Destination networks that require source NAT.
n
Depending on your network and firewall configuration, you may need to add a packet filtering
rule to allow incoming IPsec traffic.
Содержание TX54
Страница 1: ...TX54 User Guide Firmware version 22 2 ...
Страница 190: ...Interfaces Bridging TX54 User Guide 190 ...
Страница 293: ...Hotspot Hotspot configuration TX54 User Guide 293 ...
Страница 332: ...Hotspot Show hotspot status and statistics TX54 User Guide 332 ...
Страница 584: ...Services Simple Network Management Protocol SNMP TX54 User Guide 584 4 Click Download ...
Страница 1069: ...Command line interface Command line reference TX54 User Guide 1069 reboot Reboot the system Parameters None ...