Virtual Private Networks (VPN) IPsec
Digi TransPort WR Routers User Guide
# IPsec local network
eth 1 IPaddr "192.168.44.1"
# Route to remote network
route 0 IPaddr "192.168.54.0"
route 0 ll_ent "eth"
# IPsec tunnel configuration
eroute 0 peerip "10.0.0.54"
eroute 0 peerid "10.0.0.54"
eroute 0 ourid "10.0.0.44"
eroute 0 ouridtype 3
eroute 0 locip "192.168.44.0"
eroute 0 locmsk "255.255.255.0"
eroute 0 remip "192.168.54.0"
eroute 0 remmsk "255.255.255.0"
eroute 0 ESPauth "sha1"
eroute 0 ESPenc "aes"
eroute 0 authmeth "preshared"
eroute 0 autosa 2
# IKE configuration
ike 0 encalg "aes"
ike 0 keybits 128
ike 0 authalg "sha1"
ike 0 ltime 30000
ike 0 aggressive ON
ike 0 ikegroup 5
# Remote ID / Password
user 1 name "10.0.0.54"
user 1 epassword "MDp6Vko="
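The script below is an added example, not part of the Digi guide. It parses `<entity> <instance> <parameter> <value>` lines like those above and checks the relationships the example's comments imply: the peer ID has a matching user/password entry, the remote network has a route entry, and a pre-shared key is not combined with IKE aggressive mode without review. The function names and the three checks are assumptions made for illustration, not TransPort behaviour.

```python
import shlex
from collections import defaultdict

# Lines copied from the configuration above (only those the checks read).
SAMPLE = '''
route 0 IPaddr "192.168.54.0"
eroute 0 peerid "10.0.0.54"
eroute 0 remip "192.168.54.0"
eroute 0 authmeth "preshared"
ike 0 aggressive ON
user 1 name "10.0.0.54"
user 1 epassword "MDp6Vko="
'''

def parse(text):
    """Map (entity, instance) -> {param: value} from '<entity> <n> <param> <value>' lines."""
    cfg = defaultdict(dict)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:  # shlex rejects an unterminated quote; unpacking rejects a wrong field count
            entity, inst, param, value = shlex.split(line)
            cfg[(entity, int(inst))][param] = value
        except ValueError:
            raise ValueError(f"malformed config line: {raw!r}") from None
    return dict(cfg)

def audit(cfg):
    """Return findings; the checks are assumptions drawn from the example's layout."""
    findings = []
    users = {u.get("name"): u for (e, _), u in cfg.items() if e == "user"}
    routes = {r.get("IPaddr") for (e, _), r in cfg.items() if e == "route"}
    aggressive = any(v.get("aggressive") == "ON" for (e, _), v in cfg.items() if e == "ike")
    for (ent, n), er in sorted(cfg.items(), key=lambda kv: kv[0]):
        if ent != "eroute":
            continue
        psk, peer = er.get("authmeth") == "preshared", er.get("peerid")
        if psk and not users.get(peer, {}).get("epassword"):
            findings.append(f"eroute {n}: no user/epassword entry for peerid {peer}")
        if er.get("remip") not in routes:
            findings.append(f"eroute {n}: no route entry for remote network {er.get('remip')}")
        # In IKEv1 aggressive mode the responder sends a PSK-derived hash to an unauthenticated peer.
        if psk and aggressive:
            findings.append(f"eroute {n}: pre-shared key with IKE aggressive mode")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse(SAMPLE))) or "no findings")
```
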
Debug an IPsec configuration
If an IPsec tunnel is not being successfully negotiated with the remote end of the tunnel, you can
enable IPsec debug messages to be written to a file. Once enabled, the debug messages are written
to a file named ipsec.debug in the root directory of the TransPort device.
To enable IPsec debugging, use the ipsec-debug parameter of the system command. This parameter
accepts the following values to set the debug level:
• -1 — (Default) No debug information is written. This is the equivalent of turning off debug messages for IPsec.
• 0 — Basic auditing logs (for example, SA up/SA down).
• 1 — Generic control flow with errors. Select this for basic debugging information.
• 2 — More detailed debugging control flow.
• 3 — Includes RAW data dumps in hexadecimal format.
• 4 — Also includes sensitive material in dumps (for example, encryption keys).
Command line
digi.router> system ipsec-debug <debug_level>