Digi TransPort WR11 User Manual page 480

Configuring Virtual Private Networking (VPN)
None
n
MD5
n
SHA1
n
Use algorithm compression on this tunnel
The compression algorithm to use with this IPsec tunnel. The options are:
None
n
DEFLATE
n
Delete SAs when this tunnel is down
When selected, all SAs associated with the IPsec tunnel are deleted when the tunnel goes out
of service.
Replay detection window
The size of the replay detection window. When set to 0 (default), replay detection is disabled.
Maximum replay window size is 32.
Delete SAs when router is not a VRRP master
When selected, at least one Ethernet interface must be set as VRRP Master before the router
can create SAs. If the router switches away from VRRP Master state, the SAs will be deleted.
When the router switches back to VRRP Master state, the SAs will be created automatically.
Go out of service if automatic establishment fails
The router will take the IPsec tunnel out of service if the automatic establishment fails rather
than continually retrying.
Disconnect the configured interface after n consecutive auto-negotiation failures
The router will take the IPsec tunnel out of service if the auto-negotiation fails for the specified
consecutive number of times rather than continually retrying.
This tunnel can only use apn
When enabled, this parameter allows you to choose between using the main APN or the
backup APN, as defined in the Configuration > Network > Serial > W-WAN Port page.
Link tunnel with interface with x,y
When enabled, this parameter can be set so that the IPsec tunnel will only match packets
using the specified interface. When this parameter is enabled, the route will take outgoing
packets going through this IPsec tunnel and recheck to see if the resultant packet also goes
through a tunnel.
If the inner tunnel is an IPsec tunnel (such as needs IKE), you can get the inner IKE to use the
correct source address (matching the outer tunnel selectors) by enabling the Use secondary IP
address parameter and the inner IKE will use the IP address configured in the Secondary IP
address parameter on the Configuration > Network > Advanced Network Settings page.
Inhibit this IPsec tunnel when IPsec tunnels n are up
A list of IPsec tunnels that can inhibit using this IPsec tunnel as long as they are up. If this IPsec
tunnel has been allowed to come up, and the IPsec tunnel that inhibits it comes back up, this
IPsec is taken down and any SAs that may have existed are removed. As soon as an inhibiting
Digi TransPort® Routers User Guide
Configure Internet Protocol security (IPsec)
480