Virtual PrivateNetworks(VPN) IPsec
IX20 User Guide
484
n
The management priority for the IPsec tunnel interface. Theactiveinterfacewith the highest
management priority will have its addressreported as the preferred contact address for central
management and direct device access.
n
Enable XAUTH client authentication, and the username and password to be used to
authenticate with the remote peer.
n
Enable Mode-configuration (MODECFG) to receive configuration information, such asthe
private IPaddress, from the remote peer.
n
Disable the padding of IKEpackets. Thisshould normally not be doneexcept for compatibility
purposes.
n
Destination networksthat require source NAT.
n
Depending on your network and firewall configuration, you may need to add a packet filtering
rule to allow incoming IPsec traffic.
n
Tunnel and key renegotiating
l
The lifetime of the IPsec tunnel before it isrenegotiated.
l
The amount of time before the IKEphase 1 lifetime expires.
l
The amount of time before the IKE phase 2 lifetime expires
l
The lifetime margin, a randomizing amount of time before the IPsec tunnel is renegotiated.
Note if the remote networks for an IPsec tunnel overlap with the networks for a WAN internet
connection (wired, cellular, or otherwise), you must configure a static route to direct the traffic either
through the IPsec tunnel, or through the WAN (outside of the IPsec tunnel). See Configure a static
route for information about configuring a static route.
Web
1. Log into Digi Remote Manager, or log into the local Web UI asa user with full Admin access
rights.
2. Access the device configuration:
Remote Manager:
a. Locate your device as described in Use Digi Remote Manager to view and manage your
device.
b. Click the Device ID.
c. Click Settings.
d. Click to expand Config.
Local Web UI:
a. On the menu, click System. Under Configuration, click Device Configuration.
The Configuration window is displayed.
To Next Page
Loading...