Digi TransPort WR31 User Manual page 446

Configure Virtual Private Networking (VPN)
MODECFG Static NAT mappings parameters
MODECFG is an extra stage built into IKE negotiations that fits between IKE phase 1 and IKE phase 2.
It performs operations such as extended authentication (XAUTH) and requesting an IP address from
the host. This IP address becomes the source address to use when sending packets through the
tunnel from the remote to the host. This mode of operation, receiving one IP address from the
remote host, is called client mode. Another mode, network mode, allows the router to send packets
with a range of source addresses through the tunnel.

If the router receives packets from a local interface that need to be routed through the tunnel, it
performs address translation so the source address matches the assigned IP address before
encrypting them using the negotiated SA. Some state information is retained so that packets coming in
the opposite direction with matching addresses/ports can have their destination address set to the
source address of the original packet, in the same way as standard NAT.

If the remote end of the tunnel can access units connected to the local interface, the unit that has
been assigned the virtual IP address needs to have some static NAT entries set up. When a packet is
received through the tunnel, the router first looks up existing NAT entries, followed by static NAT
entries, to determine whether the destination address/port should be modified, and forwards the
packet to the new address. If a static NAT mapping is found, the router creates a dynamic NAT entry
that it uses for the duration of the connection. If no dynamic or stateful entry is found, the packet is
directed to the local protocol handlers.
External Port
The lowest destination port number to be matched if the packet is redirected.
Forward to Internal IP Address
An IP address to which packets containing the specified destination port number are redirected.
Forward to Internal Port
A port number to which packets containing the specified destination port number are
redirected.
Port Range Count
The number of ports to be matched.
Add button
Adds the static NAT mapping to the IPsec tunnel configuration.
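
The lookup order and the four mapping parameters above can be modelled in a few lines to audit what a tunnel peer can reach. This is an added example, not code from the manual or from Digi firmware. The class names and sample addresses are constructed, and it assumes that with a Port Range Count above 1, external port N+i is forwarded to internal port M+i.

```python
# Added illustration: simplified model of the lookup order described above.
# Not Digi firmware code; class names and sample values are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class StaticMap:
    external_port: int   # "External Port": lowest destination port matched
    internal_ip: str     # "Forward to Internal IP Address"
    internal_port: int   # "Forward to Internal Port"
    count: int = 1       # "Port Range Count"

    def translate(self, dport):
        offset = dport - self.external_port
        if 0 <= offset < self.count:
            # Assumption: ports in the range map one-to-one by offset.
            return (self.internal_ip, self.internal_port + offset)
        return None

class TunnelNat:
    def __init__(self, virtual_ip, static_maps):
        self.virtual_ip = virtual_ip        # address assigned via MODECFG
        self.static_maps = list(static_maps)
        self.dynamic = {}   # (src_ip, src_port, dport) -> (ip, port)

    def inbound(self, src_ip, src_port, dport):
        """Decide where a packet received through the tunnel is delivered."""
        key = (src_ip, src_port, dport)
        if key in self.dynamic:                     # 1. existing NAT entries
            return ("dynamic", self.dynamic[key])
        for m in self.static_maps:                  # 2. static NAT mappings
            target = m.translate(dport)
            if target:
                self.dynamic[key] = target          # kept for the connection
                return ("static", target)
        return ("local", (self.virtual_ip, dport))  # 3. router's own handlers

    def exposed(self):
        """Audit view: each tunnel-reachable port and the host it lands on."""
        return {m.external_port + i: (m.internal_ip, m.internal_port + i)
                for m in self.static_maps for i in range(m.count)}

# Constructed sample configuration (not taken from the manual).
nat = TunnelNat("10.99.0.5", [StaticMap(8080, "192.168.1.20", 80),
                              StaticMap(5000, "192.168.1.30", 5000, count=3)])
```

Comparing `exposed()` with the services that are meant to be reachable shows when a Port Range Count is wider than intended. Any port it does not list is handled by the router itself.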
Digi TransPort WR Routers User Guide
IPsec parameters
446
