Digi TransPort WR11 User Manual page 509


Configuring Virtual Private Networking (VPN)
MODECFG Static NAT mappings parameters
MODECFG is an extra stage built into IKE negotiations that fits between IKE phase 1 and IKE phase 2.
It performs operations such as extended authentication (XAUTH) and requesting an IP address from
the host. This IP address becomes the source address to use when sending packets through the
tunnel from the remote to the host. This mode of operation, receiving one IP address from the remote
host, is called client mode. Another mode, network mode, allows the router to send packets with a
range of source addresses through the tunnel.
If the router receives packets from a local interface that need to be routed through the tunnel, it
performs address translation so the source address matches the assigned IP address before
encrypting using the negotiated SA. Some state information is retained so that packets coming in the
opposite direction with matching addresses/ports can have their destination address set to the
source address of the original packet, in the same way as standard NAT.
If the remote end of the tunnel can access units connected to the local interface, the unit that has
been assigned the virtual IP address needs to have some static NAT entries set up. When a packet is
received through the tunnel, the router first looks up existing NAT entries, followed by static NAT
entries to determine whether the destination address/port should be modified, and forwards the
packet to the new address. If a static NAT mapping is found, the router creates a dynamic NAT entry it
uses for the duration of the connection. If no dynamic or stateful entry is found, the packet is directed
to the local protocol handlers.
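The lookup order described above, modelled as an added example (not Digi firmware code and not part of the original manual). The mapping field names, the kept source port and all addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class StaticMapping:          # field names are hypothetical, not Digi parameters
    ext_port_min: int         # lowest destination port matched ("External Port")
    ext_port_max: int         # highest destination port matched (assumed)
    fwd_ip: str               # local unit that receives the packet (assumed)
    fwd_port: int             # local port for ext_port_min; range maps 1:1 (assumed)

@dataclass
class ModecfgNat:
    virtual_ip: str                                # address assigned via MODECFG
    static: list = field(default_factory=list)     # configured static mappings
    dynamic: dict = field(default_factory=dict)    # stateful entries

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Local interface -> tunnel: source becomes the virtual IP."""
        # Simplification: the source port is kept, so state is keyed on it.
        self.dynamic[(dst_ip, dst_port, src_port)] = (src_ip, src_port)
        return (self.virtual_ip, src_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Tunnel -> router: returns (matched_by, new_dst_ip, new_dst_port)."""
        key = (src_ip, src_port, dst_port)
        if key in self.dynamic:                    # 1. existing NAT entry
            return ("dynamic", *self.dynamic[key])
        for m in self.static:                      # 2. static NAT mapping
            if m.ext_port_min <= dst_port <= m.ext_port_max:
                target = (m.fwd_ip, m.fwd_port + dst_port - m.ext_port_min)
                self.dynamic[key] = target         # kept for this connection
                return ("static", *target)
        return ("local", self.virtual_ip, dst_port)  # 3. router's own handlers

def demo():
    # Constructed addresses: 10.99.0.7 virtual IP, 192.168.1.x local units,
    # 198.51.100.x hosts at the remote end of the tunnel.
    nat = ModecfgNat("10.99.0.7", [StaticMapping(8080, 8081, "192.168.1.20", 80)])
    return [
        nat.outbound("192.168.1.50", 40000, "198.51.100.5", 443),
        nat.inbound("198.51.100.5", 443, 40000),   # reply to the flow above
        nat.inbound("198.51.100.9", 51000, 8081),  # first packet: static match
        nat.inbound("198.51.100.9", 51000, 8081),  # later packets: dynamic
        nat.inbound("198.51.100.9", 51001, 22),    # no entry: local handlers
    ]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The last row is the case to review when auditing a configuration: a packet that matches neither table is handled by the router itself rather than dropped.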
Web
External Port
The lowest destination port number to be matched if the packet is redirected.
Digi TransPort® Routers User Guide
Configure Internet Protocol security (IPsec)

Command  Instance  Parameter   Values                                       Equivalent web parameter
ike      0         privrsakey  Filename                                     RSA private key file
ike      0         delmode     0=Normal                                     SA Removal Mode
                               1=Remove IKE SA when last IPsec SA removed
                               2=Remove IPsec SAs when IKE SA removed
                               3=Both