Table of Contents
Advertisement
15 VPN
328
Field
IPSec Callback
bintec elmeg devices support the DynDNS service to enable hosts without fixed IP ad-
dresses to obtain a secure connection over the Internet. This service enables a peer to be
identified using a host name that can be resolved by DNS. You do not need to configure
the IP address of the peer.
The DynDNS service does not signal whether a peer is actually online and cannot cause a
peer to set up an Internet connection to enable an IPSec tunnel over the Internet. This pos-
sibility is created with IPSec callback: Using a direct ISDN call to a peer, you can signal
that you are online and waiting for the peer to set up an IPSec tunnel over the Internet. If
the called peer currently has no connection to the Internet, the ISDN call causes a connec-
tion to be set up. This ISDN call costs nothing (depending on country), as it does not have
to be accepted by your device. The identification of the caller from his or her ISDN number
is enough information to initiate setting up a tunnel.
To set up this service, you must first configure a call number for IPSec callback on the
passive side in the Physical Interfaces->ISDN Ports->MSN Configuration->New menu.
The value
is available for this purpose in the field Service. This entry ensures that
incoming calls for this number are routed to the IPSec service.
If callback is active, the peer is caused to initiate setting up an IPSec tunnel by an ISDN
call as soon as this tunnel is required. If callback is set to passive, setting up a tunnel to the
peer is always initiated if an ISDN call is received on the relevant number ( MSN in menu
Physical Interfaces->ISDN Ports->MSN Configuration->New for Service
ensures that both peers are reachable and that the connection can be set up over the Inter-
net. The only case in which callback is not executed is if SAs (Security Associations)
already exist, i.e. the tunnel to the peer already exists.
Description
•
(default value): Deactivates Proxy ARP for this
IPSec peer.
•
: Your device only responds to an ARP re-
quest if the status of the connection to the IPSec peer is
(active) or
your device only responds to the ARP request; the connection
is not set up until someone actually wants to use the route.
•
: Your device responds to an ARP request only if the
status of the connection to the IPSec peer is
connection already exists to the IPSec peer.
bintec elmeg GmbH
(dormant). In the case of
(active), i.e. a
,
). This
bintec RS Series
Hide quick links:
Advertisement
Table of Contents
