Configure > IP Routes > Default Route n (4.41), Configure > IPSec (4.42) – Westermo MR Series User Manual

6622-3201

Web Interface and Command Line Reference Guide

www.westermo.com

4.41 Configure > IP Routes > Default Route n

The Configure > IP Routes > Default Route n pages allow you to set up default IP routes that
will be used to route all non-local IP addresses not specified in a static IP route. The parameters are
identical to those on the static route pages with the exception that there are no IP address or Mask
parameters.

4.42 Configure > IPSec

IPSec (Internet Protocol Security) refers to a group of protocols and standards that may be used to
protect data during transmission over the Internet (which is not inherently secure). Various levels of
support for IPSec can be provided on your unit depending upon which model you have purchased.
The web pages located under the heading Configure > IPSec are used to set the various parameters
and options that are available. You should note, however, that this is a complex area and you
should have a good understanding of user authentication and data encryption techniques before you
commence. For further information refer to “IPSec and VPNs” in this manual.

The first stage in establishing a secure link between two endpoints on an IP network is for those
two points to securely exchange a little information about each other. This enables the endpoint
responding to the request to decide whether it wishes to enter a secure dialogue with the endpoint
requesting it. To achieve this, the two endpoints commonly identify themselves and verify the identity
of the other party. They must do this in a secure manner so that the process cannot be “listened
in to” by any third party. The IKE protocol is used to perform this “checking” and if everything
matches up it creates a Security Association (SA) between the two endpoints, normally one for data
being sent TO the remote end and one for data being received FROM it.

Once this initial association exists the two devices can “talk” securely about and exchange information
on what kind of security protocols they would like to use to establish a secure data link, i.e.
what sort of encryption and/or authentication they can use and what sources/destinations they will
accept. When this second stage is complete (and provided that both systems have agreed what they
will do), IPSec will have set up its own Security Associations, which it uses to test incoming and
outgoing data packets for eligibility and to perform security operations on them before passing them
down or relaying them from the “tunnel”.
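The second stage described above can be pictured with the following added example, which is not part of the Westermo manual and is a simplified model rather than a real IKE implementation. The algorithm names, networks and function names are constructed for illustration.

```python
import ipaddress
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Proposal:
    encryption: str        # constructed label, e.g. "aes-256"
    authentication: str    # constructed label, e.g. "hmac-sha256"

@dataclass(frozen=True)
class SA:
    spi: int               # index the receiver uses to look up this SA
    proposal: Proposal
    src_net: ipaddress.IPv4Network
    dst_net: ipaddress.IPv4Network

    def eligible(self, src: str, dst: str) -> bool:
        """Eligibility test: does the packet match this SA's sources/destinations?"""
        return (ipaddress.ip_address(src) in self.src_net
                and ipaddress.ip_address(dst) in self.dst_net)

def select_proposal(offered, accepted):
    """Responder side: take the first offered proposal it is willing to accept."""
    for proposal in offered:
        if proposal in accepted:
            return proposal
    return None

def negotiate(offered, accepted, local_net, remote_net):
    """Return the (outbound, inbound) SA pair as seen by the initiator,
    or None when the two ends cannot agree on a proposal."""
    chosen = select_proposal(offered, accepted)
    if chosen is None:
        return None
    local = ipaddress.ip_network(local_net)
    remote = ipaddress.ip_network(remote_net)
    # One SA per direction: data sent TO the remote end, data received FROM it.
    outbound = SA(secrets.randbits(32), chosen, local, remote)
    inbound = SA(secrets.randbits(32), chosen, remote, local)
    return outbound, inbound

if __name__ == "__main__":
    # Constructed sample values
    offered = [Proposal("aes-256", "hmac-sha256"), Proposal("aes-128", "hmac-sha256")]
    accepted = {Proposal("aes-128", "hmac-sha256")}
    out_sa, in_sa = negotiate(offered, accepted, "10.1.0.0/16", "10.2.0.0/16")
    print(out_sa.proposal, out_sa.eligible("10.1.5.9", "10.2.0.7"))
```

A packet that fails `eligible` for every SA is not covered by the tunnel, and a failed proposal match means no SAs are created at all, which is why both ends must be configured with at least one common encryption/authentication combination.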

The Configure > IPSec folder opens to list configuration pages for IKE 0 and IKE 1 with a separate
page for IKE Responder. The IKE 0 instance can be used as an IKE “initiator” or as an IKE
“responder” whereas IKE 1 can only be used as an initiator. The IKE 0 and IKE 1 pages are therefore
used to set up the IKE 0 and IKE 1 initiator parameters as required. The IKE Responder page is
used to set up the responder parameters for IKE 0. There is also a DPD configuration page, which
contains configuration information for Dead Peer Detection.