Configure Virtual Private Networking (VPN) IPsec parameters
Digi TransPort WR Routers User Guide 422
IPsec Default Action
Like a normal IP routing set-up, IPSec Tunnels have a default configuration that is applied if no
specific tunnel can be found. This is useful when, for instance, you wish to have a number of remote
users connect via a secure channel, for example, to access company financial information, but also
still allow general remote access to other specific servers on your network or the Internet.
When a packet is received which does not match any IPsec tunnel
How the router responds if a packet is received when there is no SA.
• If you select the Drop the packet option, only packets that match a specified IPsec tunnel
are routed; all other data will be discarded. This has the effect of enforcing a secure
connection to all devices behind the router.
• If you select the Pass the packet option, packets that match an IPsec tunnel are decrypted
and authenticated (depending on the IPsec tunnel’s configuration) but data that does not
match will also be allowed to pass.
When a packet is to be transmitted which does not match any IPsec tunnel
How the router will respond if a packet is transmitted when there is no SA.
• If you select the Drop the packet option, then only packets that match a specified IPsec
tunnel are routed, all other data is discarded.
• If you select the Pass the packet option, then data that matches an IPsec tunnel is encrypted
and authenticated, depending on the IPsec tunnel configuration, but data that does not
match will also be allowed to pass.
Related CLI commands
Entity Instance Parameter Values Equivalent web parameter
def_eroute 0 nosain drop, pass When a packet is received which does not
match any IPsec tunnel.
def_eroute 0 nosaout drop, pass When a packet is to be transmitted which does
not match any IPsec tunnel.
To Next Page
Loading...
