Westermo MR Series User Manual
6622-3201
Web Interface and Command Line Reference Guide
www.westermo.com
It is important to understand that for an IPSec connection between any 2 units there is only
one shared secret. This means that for one IPSec session only one entry is required in the
user table of each router. For Aggressive mode the Name field should be the same as the Our
ID parameter in the remote unit’s Eroute. (Or in the case of a Cisco™, it should be the host
name of the remote Cisco™.) For Main mode operation the Name field should be set to the IP
address of the remote unit. In both cases the Password field should contain the shared secret.
Note:
The remote unit should also have this same secret in the Password field of its user table with
the Name field set to the value of the Our ID parameter in the local unit.
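The naming rule above can be checked before a tunnel is brought up. The following is an added example, not code from the manual or from Westermo: the dictionary layout (`label`, `our_id`, `ip`, `users`) is a hypothetical representation of each unit's settings, and the sample units are constructed.

```python
import hmac
import ipaddress

def expected_name(mode, peer):
    """Name the user table entry for `peer` must carry, per the rule above."""
    if mode == "aggressive":
        return peer["our_id"]              # the remote unit's Our ID
    if mode == "main":
        return str(ipaddress.ip_address(peer["ip"]))  # validates the address
    raise ValueError(f"unknown IKE mode: {mode!r}")

def find_secret(unit, peer, mode, problems):
    """Return the secret `unit` holds for `peer`, recording problems found."""
    want = expected_name(mode, peer)
    hits = [u for u in unit["users"] if u["name"] == want]
    if not hits:
        problems.append(f"{unit['label']}: no user named {want!r}")
        return None
    if len(hits) > 1:                      # one entry per IPSec session
        problems.append(f"{unit['label']}: {len(hits)} users named {want!r}")
    return hits[0]["password"]

def check_pair(a, b, mode):
    """List mismatches between two units' user tables; empty means consistent."""
    problems = []
    secret_a = find_secret(a, b, mode, problems)
    secret_b = find_secret(b, a, mode, problems)
    if secret_a is not None and secret_b is not None:
        # Constant-time comparison; the secret itself is never reported.
        if not hmac.compare_digest(secret_a.encode(), secret_b.encode()):
            problems.append("shared secret differs between the two units")
    return problems

# Constructed sample units (hypothetical layout, documentation addresses).
SITE_A = {"label": "site-a", "our_id": "site-a", "ip": "192.0.2.1",
          "users": [{"name": "site-b", "password": "example-secret"}]}
SITE_B = {"label": "site-b", "our_id": "site-b", "ip": "198.51.100.1",
          "users": [{"name": "site-a", "password": "example-secret"}]}

if __name__ == "__main__":
    print(check_pair(SITE_A, SITE_B, "aggressive"))  # consistent pair
    print(check_pair(SITE_A, SITE_B, "main"))        # names are IDs, not IPs
```

Run against the same pair in Main mode, the check reports that neither unit has a user named after the other's IP address.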
This eroute is tunnelled within another eroute:
Packets can be tunnelled within a second (or further) tunnel. When this parameter is
set to “On”, the unit takes outgoing packets going through this tunnel and, once they are
tunnelled, rechecks whether the resultant packet also goes through a tunnel.
If the inner tunnel is an IPsec tunnel (i.e. needs IKE), you can get the inner IKE to use the
correct source address (matching the outer tunnel selectors) by setting the Use secondary IP
address parameter to “Yes”. The inner IKE will then use the IP address set in the Secondary IP
address parameter on the Configure > General page.
GRE mode:
This parameter enables GRE (Generic Routing Encapsulation) for this Eroute instance. GRE is a
simple tunnelling protocol that does not provide encryption or authentication. To use GRE it is
not necessary to configure most of the parameters on this page. Only the following parameters
need to be configured on this page:
Peer IP/hostname
Local subnet IP address
Remote subnet IP address
Remote subnet mask
GRE
Note:
From firmware version 4955 this web option and corresponding CLI commands have been
removed. GRE tunnels should be configured from Configure > Tunnel (GRE).
Additionally the GRE parameter will have to be enabled on the appropriate Interface, e.g. for
PPP 1 on the Configure > PPP > PPP 1 > Standard page this would be achieved by setting the
GRE parameter to “Yes”. For further details refer to RFC 2784.
NAT traversal keep-alive interval (s):
This parameter may be used to set a timer (in seconds), such that the unit will send regular
packets to a NAT device in order to prevent the NAT table entry from expiring.
Link Eroute with interface / Link Eroute with interface #:
These parameters can be configured to ensure that the Eroute only matches packets using the
specified interface. Where Eroutes are linked to Ethernet interfaces it might be necessary to use
the “Group” or “Port Isolated” modes in the Ethernet set up menu.
IKE config to use when initiator:
This parameter is used to specify whether the IKE 0 or IKE 1 config is used when the unit is
being configured as an Initiator.
IKE version:
This parameter allows you to choose which version of IKE to use. The default value is “1”.
Check APN usage:
When this parameter is set to “Yes”, the Eroute can only use the APN specified in the
“Interface must use this APN” parameter.