IPsec parameters
Digi TransPort User Guide 407
IPsec Default Action
Like a normal IP routing set-up, IPSec Tunnels have a default configuration that is applied if no
specific tunnel can be found. This is useful when, for instance, you wish to have a number of
remote users connect via a secure channel, for example, to access company financial
information, but also still allow general remote access to other specific servers on your network
or the Internet.
When a packet is received which does not match any IPsec tunnel
How the router responds if a packet is received when there is no SA.
•If you select the Drop the packet option, only packets that match a specified IPsec tunnel
are routed; all other data will be discarded. This has the effect of enforcing a secure
connection to all devices behind the router.
•If you select the Pass the packet option, packets that match an IPsec tunnel are decrypted
and authenticated (depending on the IPsec tunnel’s configuration) but data that does not
match will also be allowed to pass.
When a packet is to be transmitted which does not match any IPsec tunnel
How the router will respond if a packet is transmitted when there is no SA.
•If you select the Drop the packet option, then only packets that match a specified IPsec
tunnel are routed, all other data is discarded.
•If you select the Pass the packet option, then data that matches an IPsec tunnel is
encrypted and authenticated, depending on the IPsec tunnel configuration, but data that
does not match will also be allowed to pass.
Related CLI commands
Entity Instance Parameter Values Equivalent Web Parameter
def_eroute 0 nosain drop, pass When a packet is received which
does not match any IPsec tunnel.
def_eroute 0 nosaout drop, pass When a packet is to be transmitted
which does not match any IPsec
tunnel.
To Next Page
Loading...
