Perle Systems IOLINK-520 User Manual
Page 60
Applications
2.40 — IOLINK-520 & IOLINK-PRO Installation & Applications Guide
make provision for NAT to be used with tunneling. We will use this example for the configuration
on the pages that follow.
The setup for an IPSec connection is done in the IP Security Set-up menu under Configuration -
Packet Services. IP Security may be disabled to check the link connections before the secure
connection is set up.
Security Level
Location: Main > Configuration > Packet Services Set-up > IP Security Set-up > IP Security
Be sure to toggle IP Security back to enabled when IPSec is configured.
Each data packet that goes through an IPSec router will be tested against one or more sets
of rules concerning the source IP Address of the packet, the destination IP Address of the
packet, the IP protocol (TCP, UDP, etc.) associated with the packet, the source port from
which the packet originated and destination port to which it is going. An action determined
by the outcome of the test is then performed on the packet (such as IPSec processing,
discard, etc.).
The first step in setting up IPSec is to define the local address that the router will use for the
local end of the tunnel (SA).
IPSec Policy Set-up
Location: Main > Configuration > Packet Services Set-up > IP Security Set-up > Policy Set-up
Local IP address — 199.22.33.01
The Local IP Address must be an IP address for this router on the public
network. It should not be a dynamically assigned address. In this case Router 1’s
address will be the numbered WAN link 199.22.33.01. If this connection had
been set up as an unnumbered link, then the local IP would be set as “LAN” or
the router’s IP address. Note that in the case of unnumbered links, the LANs
would require registered IP addresses to operate over the Internet.
The policy is applied at the WAN link (the outbound IPSec interface); this must be specified:
IPSec Policy Set-up
Location: Main > Configuration > Packet Services Set-up > IP Security Set-up > Interfaces Set-up
IPSec Interface: WAN