Westermo RedFox Series User Manual

Westermo OS Management Guide

Version 4.17.0-0

Continued from previous page

Remote Subnet
Address &
Netmask, &
Shared Subnet
(Checkbox)

The Address (e.g.

192.168.11.0) and Netmask (e.g.,

255.255.255.0) define the remote subnet. Only traffic
to this IP range is allowed to enter the tunnel through this
gateway, and traffic arriving through the tunnel is only
accepted when destined to an address in this range.
In case the remote peer is a PC (see

fig. 35.3

), specify

the PC’s VPN client IP address (e.g., 192.168.12.49) as
Address, and 255.255.255.255 as Netmask.
If no remote subnet is specified, only traffic to/from the IP
address of the Remote Peer will be allowed through the
tunnel.
On a responder, you can specify that the remote subnet
configured is shared by multiple initiators by setting the
Shared subnet checkbox. The local subnet of each ini-
tiator must be within the range specified by the respon-
der’s remote subnet. By un-checking the Shared subnet,
there can only be one initiator for this tunnel configura-
tion, and its local subnet must match the responder’s re-
mote subnet.

Dead Peer De-
tection

The DPD Action. The DPD action defines how the VPN
gateway should react when the peer is determined to be
unreachable (i.e., ”dead”).

DPD Delay

The DPD delay is the interval between DPD probing mes-
sages sent by this VPN gateway. (The DPD delay setting
on the two peers are independent, thus they may differ.)

DPD Timeout

If a period corresponding to the DPD timeout elapses
without getting any response on the DPD probe mes-
sages, the VPN gateway considers the peer to be down.

➞ 2015 Westermo Teleindustri AB

813