Digi TransPort WR11 User Manual page 478

Configuring Virtual Private Networking (VPN)
Bring the tunnel up
n
Drop the packet
n
Send the packet without encryption and authentication
n
Bring this tunnel down if it is idle for h hrs m mins s secs
Used when the IPsec tunnel is configured to come up on demand and defines how long the
IPsec tunnel should remain up if there is no traffic is being sent on the tunnel.
Renew the tunnel after
Defines the constraints of when the IPsec tunnel SA has to be renewed.
h hrs m mins s secs
Renew the IPsec SA after the specified amount of time.
n units of traffic
Renew the IPsec SA after the specified amount of traffic has been passed over the tunnel. The
traffic units can be specified as Kbytes, Mbytes or Gbytes. A value of 0 disables this parameter.
SAs will expire and be renewed based on time, rather than amount of traffic.
3. Click Tunnel Negotiation and configure IPsec tunnel negotiation parameters:
Enable IKE tracing
Enables the router to write IKE negotiation information in the analyser trace.
Negotiate a different IP address and Mask
Configures the IPsec tunnel to negotiate a different local LAN IP address and mask. You can
then use the firewall to translate the source addresses of the packets to a value that lies
within the negotiated range. This allows a packet to match more than one IPsec tunnel, but
use a different source address (from the peer's perspective) depending on which IPsec tunnel
is in use.
IP Address
The alternative IP address to negotiate.
Mask
The alternative IP mask to negotiate.
Negotiate a virtual IP address using MODECFG
Used when the remote peer is a Cisco device using MODECFG to assign a specific IP address to
this router during SA setup negotiations. This is commonly seen in Remote Access (RA) type
VPNs and EasyVPN solutions.
Digi TransPort® Routers User Guide
Configure Internet Protocol security (IPsec)
478