Digi TransPort User Manual page 241

Tunnel this IPsec tunnel inside another IPsec tunnel
It is possible to tunnel packets from an IPsec tunnel within a second (or more) tunnel. When
this parameter is enabled.
NAT-Traversal Keepalive timer s seconds
Sets the interval period, in seconds, that the router will use to send regular packets to a NAT
device in order to prevent the NAT table entry from expiring.
Allow protocol IP protocol(s) in this tunnel
This restricts the type of IP packets that will be tunnelled through the IPsec tunnel. The options
are:
• All
• TCP
• UDP
• GRE
IP packets with ToS values n must use this tunnel
Packets with matching ToS fields will only be tunneled through this IPsec tunnel and no
others. The usual traffic selector matching still takes place as normal. Packets that don't have
matching ToS values will get tunneled as normal.
Enter the ToS values as a comma separated list, such as, 2,4.
Only tunnel IP packets with
This restricts the IP packets that will be tunneled to those with matching TCP/UDP port
numbers.
local TCP/UDP port n
Allow IP packets with matching source TCP/UDP ports to be tunneled.
remote TCP/UDP port n
Allow IP packets with matching destination TCP/UDP ports to be tunneled.
local TCP/UDP port in the range of n1 to n2
Allow IP packets with source TCP/UDP ports in the specified range to be tunneled. This is only
available when IKEv2 is used.
remote TCP/UDP port in the range of n1 to n2
Allow IP packets with destination TCP/UDP ports in the specified range to be tunneled. This is
only available when IKEv2 is used
Related CLI commands
Entity Instance
eroute n
eroute n
eroute n
Digi TransPort User Guide
Parameter Values
mode tunnel,
transport
ahauth off, md5, sha1
ipcompalg off, deflate
IPsec parameters
Equivalent Web Parameter
IPsec Mode
Use a AH authentication on this tunnel
Use c compression on this tunnel
241