Westermo RedFox Series User Manual
Page 812
Westermo OS Management Guide
Version 4.17.0-0
General part:
Instance
number
The IPsec tunnel index. Each configured IPsec tunnel is
identified by a number for maintenance purposes. This
ID is of local significance only.
Enabled
A tunnel can be configured as Enabled or Disabled.
Note: Tunnels which are not intended to be used should
either be deleted (
) or disabled.
Role
Configure the VPN gateway to act as Initiator or Respon-
der of the VPN tunnel.
Network part:
Outbound
Interface
The outbound interface for this tunnel. The interface can
either be stated explicitly (e.g., vlan3) or implicitly as the
interface leading to the Default Gateway.
Remote Peer
Any
(Checkbox)
Click the Any checkbox if the remote peer can connect
from any IP address.
This is typically the case if the
remote peer is a road warrior, who may use different
addresses every time he/she connects. A VPN gateway
should only consider setting Remote Peer to Any if it is
acting as Responder (i.e., when the remote peer is acting
as Initiator).
Un-check the Any checkbox to specify a specific IP ad-
dress (or domain name) for the remote host, see the item
below.
Remote Peer
Address/Name
The IP address (e.g., 1.2.3.4) or domain name (e.g.,
foobar.example.com) of the remote peer. This option
is required if the node is acting as Initiator of the VPN
tunnel.
This option is only possible to set if the Any checkbox is
un-checked.
Local Subnet
Address &
Netmask
The Address (e.g.
192.168.10.0) and Netmask (e.g.,
255.255.255.0) define the local subnet. Only traffic from
this IP range is allowed to enter the tunnel through this
gateway, and traffic arriving through the tunnel is only
accepted when destined to an address in this range.
If no local subnet is specified, only traffic to/from the
IP address of the Outbound Interface will be allowed
through the tunnel.
Continued on next page
812
➞ 2015 Westermo Teleindustri AB