Westermo MR Series User Manual
Page 142

6622-3201
Web Interface and Command Line Reference Guide
www.westermo.com
Send RESPONDER-LIFETIME notifications:
Enables or disables the RESPONDER-LIFETIME notifications sent to the initiator. If an initiator
requests an IKE lifetime that is greater than the responder's, a notification will be sent and the
initiator should reduce its lifetime value accordingly.
NAT traversal enabled:
When set to “On”, this parameter enables support for NAT traversal within IKE/IPSec. When
one end of an IPSec tunnel is behind a NAT box, some form of NAT traversal may be required
before the IPSec tunnel can pass packets. Turning NAT traversal on enables the IKE protocol to
discover whether one or both ends of a tunnel are behind a NAT box, and to implement a
standard NAT traversal protocol if NAT is being performed.
The version of NAT traversal supported is that described in the IETF draft
“draft-ietf-ipsec-nat-t-ike-03.txt”.
NAT traversal keep-alive interval (s):
This parameter may be used to set a timer (in seconds), such that the unit will send regular
packets to a NAT device in order to prevent the NAT table entry from expiring.
RSA private key file:
This parameter specifies the name of a file for the X.509 certificate holding the unit’s private
part of the public/private key pair used in certificate exchanges. See “X.509 Certificates” in the
“IPSec and VPNs” section for further explanation.
SA removal mode:
This parameter determines how IPSec and IKE SAs are removed:
“Normal” operation will not delete the IKE SA when all the IPSec SAs that were created by it
are removed, and will not remove IPSec SAs when the IKE SA that was used to create them
is deleted.
“Remove IKE SA when last IPSec SA removed” will delete the IKE SA when all the
IPSec SAs that it created to a particular peer are removed.
“Remove IPSec SAs when IKE SA removed” will delete all IPSec SAs that have been created by
the IKE SA that has been removed.
“Both” will remove IPSec SAs when their IKE SA is deleted, and delete IKE SAs when their
IPSec SAs are removed.
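The four modes above, modelled as an added example (not Westermo code or CLI syntax; the class, function and SA names are hypothetical). It shows which SAs are left behind in each mode when the IKE SA is deleted first and when the IPSec SAs are removed first.

```python
# Added illustration: toy model of the four "SA removal mode" settings.
# All names are hypothetical; this is not Westermo firmware or CLI syntax.
NORMAL = "Normal"
IKE_FOLLOWS = "Remove IKE SA when last IPSec SA removed"
IPSEC_FOLLOWS = "Remove IPSec SAs when IKE SA removed"
BOTH = "Both"


class SaTable:
    def __init__(self, mode):
        if mode not in (NORMAL, IKE_FOLLOWS, IPSEC_FOLLOWS, BOTH):
            raise ValueError(f"unknown SA removal mode: {mode!r}")
        self.mode = mode
        self.ike = set()   # IDs of live IKE SAs
        self.ipsec = {}    # IPSec SA ID -> ID of the IKE SA that created it

    def add_ipsec(self, ipsec_id, ike_id):
        if ike_id not in self.ike:
            raise KeyError(f"no IKE SA {ike_id!r} to negotiate under")
        self.ipsec[ipsec_id] = ike_id

    def remove_ipsec(self, ipsec_id):
        parent = self.ipsec.pop(ipsec_id)
        last_child_gone = parent not in self.ipsec.values()
        if self.mode in (IKE_FOLLOWS, BOTH) and last_child_gone:
            self.ike.discard(parent)   # IKE SA follows its last IPSec SA

    def remove_ike(self, ike_id):
        self.ike.remove(ike_id)
        if self.mode in (IPSEC_FOLLOWS, BOTH):
            # IPSec SAs follow the IKE SA that created them
            self.ipsec = {s: p for s, p in self.ipsec.items() if p != ike_id}


def build(mode):
    """Constructed sample state: one IKE SA that created two IPSec SAs."""
    table = SaTable(mode)
    table.ike.add("ike1")
    table.add_ipsec("esp1", "ike1")
    table.add_ipsec("esp2", "ike1")
    return table


def scenario(mode):
    """Return (IPSec SAs left after IKE deletion, IKE SAs left after IPSec removal)."""
    a = build(mode)
    a.remove_ike("ike1")        # case 1: the IKE SA is deleted first
    b = build(mode)
    b.remove_ipsec("esp1")      # case 2: the IPSec SAs are removed first
    b.remove_ipsec("esp2")
    return sorted(a.ipsec), sorted(b.ike)
```
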
Use debug port:
When this parameter is set to “No”, any debug information is sent to the normal analyser trace
where it may be filtered according to the analyser configuration. When set to “Yes”, debug
information is also sent to the debug port, i.e. the port specified in the debug command used at the
command line.
Debug level:
This parameter is used to control the amount of information contained in debug traces. It can
be set to “Off”, “Low”, “Med”, “High” or “Very High”. Setting the parameter to “Off” disables
debug tracing.