Configure Ethernet interfaces
Digi TransPort User Guide 158
Enable IPsec on this interface
Enables or disables IPSec security features for this Ethernet interface.
Use interface x,y for the source IP address of IPsec packets
By default, the source IP address for an IPsec Eroute is the IP address of the interface on which
IPSec was enabled. By setting this parameter to either PPP or Ethernet and the relevant
interface number, the source address used by IPSec matches that of the Ethernet or PPP
interface specified.
Enable the firewall on this interface
Turns Firewall script processing On or Off for this interface.
Remote management access
The Remote access options parameter can be set to No restrictions, Disable management,
Disable return RST, Disable management an return RST.
• When set to No restrictions, users on this interface can access the router’s Telnet, FTP, and
web services for the purpose of managing the router.
• When set to Disable management, users on this interface are prevented from managing
the router via Telnet, FTP, or the web interface.
•For Disable return RST, whenever a router receives a TCP SYN packet for one of its own IP
addresses with the destination port set to an unexpected value, such as a port that the
router would normally expect to receive TCP traffic on, it will reply with a TCP RST packet.
This is normal behavior. However, the nature of internet traffic is such that whenever an
internet connection is established, TCYP SYN packets are to be expected. As the router’s
PPP inactivity timer is restarted each time the router transmits data (but not when it
receives data), the standard response of the router to SYN packets such as transmitting an
RST packet, will restart the inactivity timer and prevent the router from disconnecting the
link even when there is no genuine traffic. This effect can be prevented by using the
appropriate commands and options within the firewall script. However, on Digi 1000 series
routers, or where you are not using a firewall, the same result can be achieved by selecting
this option, such as when this option is selected the normal behavior of the router in
responding to SYN packets with RST packets is disabled. The option will also prevent the
router from responding to unsolicited UDP packets with the normal ICMP destination
unreachable responses.
•The Disable management & return RST option prevents users from managing the router
via the Telnet, FTP, and web interfaces and also disables the transmission of TCP RST
packets as above.
To Next Page
Loading...
