Westermo MR Series User Manual
6622-3201
Web Interface and Command Line Reference Guide
www.westermo.com
Interface to use for local subnet IP address /
Interface # to use for local subnet IP address:
Together, these parameters allow the local subnet setting (Local subnet IP address/Local subnet
mask) to take the value of the IP address of an interface. To configure, clear the Local subnet
IP address and Local subnet mask parameters, then set Interface to use for local subnet IP
address to either “PPP” or “Ethernet” and set Interface # to use for local subnet IP address
to the interface instance (e.g. PPP 1).
Local subnet IP address:
This is the IP address of the local sub-net. This will usually be the IP address of the local router’s
Ethernet interface or that of a specific device on the local sub-net (such as a PC running a client
or host application).
Local subnet mask:
When connecting two sub-nets it will often be desirable to allow any device on one sub-net to
connect to any other device on the remote sub-net. This mask sets the range of addresses that
will be allowed to use the Eroute.
Local subnet IP address to negotiate (if different from above) /
Local subnet mask to negotiate (if different from above):
If eroutes are allowed to negotiate local traffic selectors which differ from the normal ones,
these two parameters will be the values used when negotiating the tunnels. The firewall can
then be used to translate the source addresses of packets to a value that lies within the
negotiated range. This allows a packet to match more than one eroute while using a different
source address (from the peer’s perspective) depending on which tunnel is used.
Remote subnet IP address:
This is the IP address of the remote sub-net. It will usually be the IP address of the remote
router’s Ethernet interface or that of a specific device on the remote sub-net (such as a PC
running a client or host application).
Remote subnet mask:
When connecting two sub-nets it will often be desirable to allow any device on one sub-net to
connect to any other device on the remote sub-net. This mask sets the range of addresses that
can be addressed on the remote sub-net via the Eroute.
Remote subnet ID:
When the unit is in server mode and negotiating IPsec from behind a NAT box, the Remote
subnet IP address and Remote subnet mask parameters should be left blank, and this parameter
should be configured to the ID sent by the remote Windows client (this is usually the computer
name).
Local port / Remote port:
These parameters are used to match packets with a particular Eroute. For example, if Local
port is 0 and Remote port is 80, only packets where the TCP or UDP remote port number is
80 will be matched by the Eroute. The value of 0 indicates that any port will match.
TX packets with these TOS values through this eroute:
Packets with a matching TOS will not be tunnelled through any other eroute. Traffic selector
matching etc. still takes place. Packets with a TOS that doesn’t match any of those in the list
are tunnelled as usual. Separate values with commas, e.g. 2,4
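The selector rules described above (subnet/mask ranges, port 0 as a wildcard, TOS lists) can be checked offline against a planned configuration to see which eroute, if any, would carry a given packet. This is an added example, not code from Westermo or this manual; the `Eroute` class, the `pick_eroute` function, the first-match ordering, the reading of the TOS rule and all addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Eroute:
    name: str
    local_net: str        # "Local subnet IP address" / "Local subnet mask"
    remote_net: str       # "Remote subnet IP address" / "Remote subnet mask"
    local_port: int = 0   # 0 = any port
    remote_port: int = 0  # 0 = any port
    tos: tuple = ()       # "TX packets with these TOS values" list

    def selects(self, src, dst, sport, dport):
        """True if an outbound packet falls inside this eroute's traffic selectors."""
        # strict=False: the configured address may be a host (e.g. the router's
        # Ethernet address); the mask alone defines the permitted range.
        local = ipaddress.ip_network(self.local_net, strict=False)
        remote = ipaddress.ip_network(self.remote_net, strict=False)
        return (ipaddress.ip_address(src) in local
                and ipaddress.ip_address(dst) in remote
                and self.local_port in (0, sport)
                and self.remote_port in (0, dport))

def pick_eroute(eroutes, src, dst, sport, dport, tos=0):
    """Return the name of the eroute that would carry the packet, or None."""
    # Assumption: a TOS value listed on an eroute pins the packet to the
    # eroute(s) listing it; selector matching still has to succeed.
    pinned = [e for e in eroutes if tos in e.tos]
    candidates = pinned if pinned else eroutes
    # Assumption: eroutes are evaluated in order and the first match wins.
    for e in candidates:
        if e.selects(src, dst, sport, dport):
            return e.name
    return None  # not tunnelled: no selector matched

# Constructed sample configuration (addresses are illustrative only).
EROUTES = [
    Eroute("eroute0", "192.168.1.1/255.255.255.0", "10.1.0.0/255.255.0.0",
           remote_port=80),
    Eroute("eroute1", "192.168.1.0/255.255.255.0", "10.1.0.0/255.255.0.0",
           tos=(2, 4)),
]

if __name__ == "__main__":
    for pkt in [("192.168.1.20", "10.1.5.9", 40000, 80, 0),
                ("192.168.1.20", "10.1.5.9", 40000, 22, 0),
                ("192.168.1.20", "10.1.5.9", 40000, 80, 4),
                ("192.168.2.20", "10.1.5.9", 40000, 80, 0)]:
        print(pkt, "->", pick_eroute(EROUTES, *pkt))
```

A `None` result means the packet matches no selector and would leave untunnelled, which is the case worth checking when a mask is narrower than intended.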
First local port (IKEv2 only) / Last local port (IKEv2 only):
These parameters allow you to restrict which ports on the unit will be able to send and receive
traffic on this Eroute.