Chapter 5
Setup and Configuration
RUGGEDCOM ROX II
User Guide
634 Managing Private Subnets
Parameter Description
Certificate The selected certificate.
5. In the System Identifier form, configure the following parameters:
Parameter Description
type Synopsis: default, none, from-certificate, address, hostname, der-asn1-dn, user-fqdn
Default: default
The system identifier type. The default value is 'left side public-ip' unless overwritten by
the default connection setting.
Hostname, IP Address or Distinguished
Name in Certificate
The hostname, IP address or the Distinguished Name in the certificate.
6. In the Nexthop to Other System form, configure the following parameters:
Parameter Description
Type Synopsis: default, default-route, address
Default: default
The next hop type. The default value is 'right side public-ip' unless overwritten by the
default connection setting.
IP Address The IP address of the next hop that can be used to reach the destination network.
7. In the Left/Right form, configure the following parameters:
Parameter Description
NAT Traversal Negotiation Method Synopsis: default, draft-ietf-ipsec-nat-t-ike-02, rfc-3947
Default: default
The NAT traversal negotiation method. Some IPsec endpoints prefer RFC 3947 over
draft-ietf-ipsec-nat-t-ike-02 when connecting with Openswan, as these implementations
use different identifiers when NAT is involved. For example, when a Windows
XP/2003 client connects, Openswan reports the main mode peer ID is ID_FQDN:
'@example.com', but when a Vista, Windows 7 or other RFC 3947 compliant client
connects, Openswan reports the main mode peer ID is ID_IPV4_ADDR: '192.168.1.1'.
This will cause issues connecting to the IPsec server. In such cases, setting this option
to draft-ietf-ipsec-nat-t-ike-02 will solve this problem. The default value is 'rfc-3947'
unless overwritten by the default connection setting.
8. If required, configure a subnet for the connection end. For more information, refer to Section 5.28.10.1,
“Configuring Private Subnets for Connection Ends”.
9. Click Commit to save the changes or click Revert All to abort. A confirmation dialog box appears. Click OK
to proceed.
10. Click Exit Transaction or continue making changes.
Section 5.28.10
Managing Private Subnets
If the device is connected to an internal, private subnet, access to the subnet can be granted to the device at the
other end of the IPsec tunnel. Only the IP address and mask of the private subnet is required.
The following sections describe how to configure and manage addresses for private subnets:
To Next Page
Loading...
