EasyManuals Logo

Digi IX20 User Manual

Digi IX20
1188 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #483 background imageLoading...
Page #483 background image
Virtual PrivateNetworks(VPN) IPsec
IX20 User Guide
483
Required configuration items
n
IPsec tunnel configuration items:
l
Aname for the tunnel.
Note If the tunnel name is more than eight characters, the name will be truncated in the
underlying network interface to the first six characters followed by three digits,
incrementing from 000. Thisaffects any custom scripts or firewall rulesthat may be trying
to adjust the tunnels interface or routing table entries.
l
The mode: either tunnel or transport.
l
Enable the IPsec tunnel.
The IPsec tunnel is enabled by default.
l
The firewall zone of the IPsec tunnel.
l
The routing metric for routes associated with this IPsec tunnel.
l
The authentication type and pre-shared key or other applicable keys and certificates.
If SCEPcertificateswill be selected as the Authentication type, create the SCEPclient prior
to configuring the IPsec tunnel. See Configure a Simple Certificate Enrollment Protocol
client for instructions.
l
The local endpoint typeand IDvalues, and the remote endpoint host and IDvalues.
n
IKE configuration items
l
The IKEversion, either IKEv1or IKEv2.
l
Whether to initiate a key exchange or wait for an incoming request.
l
The IKE mode, either main aggressive.
l
The IKEauthentication protocol to use for the IPsec tunnel negotiation during phase 1 and
phase 2.
l
The IKEencryption protocol to use for the IPsec tunnel negotiation during phase 1 and
phase 2.
l
The IKEDiffie-Hellman group to use for the IPsec tunnel negotiation during phase 1 and
phase 2.
n
Enable dead peer detection and configure the delay and timeout.
n
Destination networksthat require source NAT.
n
Activerecovery configuration. See Configure SureLink activerecovery for IPsec for information
about IPsec active recovery.
Additional configuration items
The following additional configuration settings are not typically configured to get an IPsec tunnel
working, but can beconfigured as needed:
n
Determine whether the device should use UDPencapsulation even when it doesnot detect
that NAT is being used.
n
If using IPsec failover, identify the primary tunnel during configuration of the backup tunnel.
n
The Network Address Translation (NAT) keep alive time.
n
The protocol, either Encapsulating Security Payload (ESP) or Authentication Header (AH).

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Digi IX20 and is the answer not in the manual?

Digi IX20 Specifications

General IconGeneral
CategoryWireless Router
Cellular Connectivity4G LTE
Ethernet Ports4
Wi-Fi802.11ac
SIM Slots2
WAN Ports1
LAN Ports3
Weight0.5 kg
Operating Temperature-40°C to +70°C (-40°F to +158°F)