Table of Contents
Advertisement
Virtual Private Networks (VPN)
Note
Depending on your network configuration, you may need to add a packet filtering rule to
allow incoming traffic. For example, for the IPsec zone:
a. Type ... to move to the root of the configuration:
(config vpn ipsec tunnel ipsec_example)> ...
(config)>
b. Add a packet filter:
(config)> add firewall filter end
(config firewall filter 2)>
c. Set the label to Allow incoming IPsec traffic:
(config config firewall filter 2)> label "Allow incoming IPsec
traffic"
(config firewall filter 2)>
d. Set the source zone to ipsec:
(config config firewall filter 2)> src_zone ipsec
(config firewall filter 2)>
6. Set the metric for the IPsec tunnel. When more than one active route matches a destination,
the route with the lowest metric is used. The metric can also be used in tandem with SureLink
to configure IPsec failover behavior. See
(config vpn ipsec tunnel ipsec_example)> metric value
(config vpn ipsec tunnel ipsec_example)>
where value is any integer between 0 and 65535.
7. Set the mode:
(config vpn ipsec tunnel ipsec_example)> mode mode
(config vpn ipsec tunnel ipsec_example)>
where mode is either:
tunnel: The entire IP packet is encrypted and/or authenticated and then encapsulated
n
as the payload in a new IP packet.
transport: Only the payload of the IP packet is encrypted and/or authenticated. The IP
n
header is unencrypted.
The default is tunnel.
8. Set the protocol:
(config vpn ipsec tunnel ipsec_example)> type protocol
(config vpn ipsec tunnel ipsec_example)>
where protocol is either:
Digi Connect EZ Mini User Guide
Configure IPsec failover
for more information.
IPsec
135
Advertisement
Table of Contents
