Line 532: |
Line 532: |
| <tr> | | <tr> |
| <td>Left firewall</td> | | <td>Left firewall</td> |
− | <td>yes | no; Default: <b>yes</b></td> | + | <td>off | on; Default: <b>on</b></td> |
− | <td>Excludes IPsec instance from firewall rules.</td> | + | <td>Adds neccessary firewall rules to allow traffic of this IPsec instance on this router.</td> |
| </tr> | | </tr> |
| <tr> | | <tr> |
| <td>Force encapsulation</td> | | <td>Force encapsulation</td> |
| <td>yes | no; Default: <b>no</b></td> | | <td>yes | no; Default: <b>no</b></td> |
− | <td>Forces UDP encapsulation for ESP packets even if no NAT situation is detected.</td> | + | <td>Forces UDP encapsulation for ESP packets even if a "no NAT" situation is detected.</td> |
| </tr> | | </tr> |
| <tr> | | <tr> |
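Review bot: In the Left firewall row the new description reverses the documented meaning, from "Excludes IPsec instance from firewall rules" to "Adds neccessary firewall rules to allow traffic", while the values change from yes | no to off | on. The cell should state explicitly what "on" and what "off" does, because a reader who configured the option from the old text would have it backwards. "neccessary" should be "necessary". In the Force encapsulation row, `a "no NAT" situation is detected` is harder to read than the old wording; "even if no NAT is detected" says the same thing plainly.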
Line 553: |
Line 553: |
| <td><span style="color: #0054a6;">Dead Peer Detection:</span> Timeout (sec)</td> | | <td><span style="color: #0054a6;">Dead Peer Detection:</span> Timeout (sec)</td> |
| <td>integer; Default: <b>none</b></td> | | <td>integer; Default: <b>none</b></td> |
− | <td>Time limit after the IPsec instance will stop checking the availability of a peer and determine it to be "dead" if no response is received.</td> | + | <td>Time limit after which the IPsec instance will stop checking the availability of a peer and determine it to be "dead" if no response is received.</td> |
| </tr> | | </tr> |
| <tr> | | <tr> |
Line 563: |
Line 563: |
| <td><span style="color: red;">Tunnel:</span> Remote IP address/subnet mask</td> | | <td><span style="color: red;">Tunnel:</span> Remote IP address/subnet mask</td> |
| <td>ip/netmask; Default: <b>none</b></td> | | <td>ip/netmask; Default: <b>none</b></td> |
− | <td>Remote network IP address and subnet mask used to determine which part of the network can be accessed in the VPN network. Netmask range [0..32]. This values must differ from the device’s LAN IP.</td> | + | <td>Remote network IP address and subnet mask used to determine which part of the network can be accessed in the VPN network. Netmask range [0..32]. This value must differ from the device’s LAN IP.</td> |
| </tr> | | </tr> |
| <tr> | | <tr> |
| <td>Right firewall</td> | | <td>Right firewall</td> |
| <td>yes | no; Default: <b>yes</b></td> | | <td>yes | no; Default: <b>yes</b></td> |
− | <td>Excludes remote side IPsec instance from firewall rules.</td> | + | <td>Adds neccessary firewall rules to allow traffic of from the opposite IPsec instance on this router.</td> |
| </tr> | | </tr> |
| <tr> | | <tr> |
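Review bot: The Right firewall row keeps its value cell at yes | no; Default: yes although its description flips from "Excludes remote side IPsec instance from firewall rules" to "Adds neccessary firewall rules to allow traffic", and the Left firewall row in this same revision was switched to off | on. The two rows should use the same value names and say which value adds the rules. The new sentence also needs "neccessary" corrected to "necessary" and the stray "of" dropped from "traffic of from".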
Line 604: |
Line 604: |
| <b>Additional notes</b>: | | <b>Additional notes</b>: |
| <ul> | | <ul> |
− | <li>Some configuration fields become available only when certain other parameters are selected. The names of the parameters are followed by a prefix that specifies the authentication type under which they become visible. Different color codes are used for different praefixa: | + | <li>Some configuration fields become available only when certain other parameters are selected. The names of the parameters are followed by a prefix that specifies the authentication type under which they become visible. Different color codes are used for different prefixes: |
| <ul> | | <ul> |
| <li>Red for <span style="color: red;">Type: Tunnel</span></li> | | <li>Red for <span style="color: red;">Type: Tunnel</span></li> |
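Review bot: The reworded note still says the parameter names "are followed by a prefix", which contradicts itself and the table, where the colored label comes first, as in `<span style="color: red;">Tunnel:</span> Remote IP address/subnet mask`. Suggest "are preceded by a prefix". The note also calls the prefix an "authentication type" while the first list item is "Type: Tunnel", so wording such as "the setting under which they become visible" would match the list better.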
Line 616: |
Line 616: |
| ===Phase settings=== | | ===Phase settings=== |
| ---- | | ---- |
− | IKE (Internet Key Exchange) is a protocol used to set up security associations (SAs) for the IPsec connection. This process is required before any IPsec tunnel can be established. It is done in two phases: | + | IKE (Internet Key Exchange) is a protocol used to set up security associations (SAs) for the IPsec connection. This process is required before the IPsec tunnel can be established. It is done in two phases: |
| | | |
| <table border=1; style="border-collapse: collapse;"> | | <table border=1; style="border-collapse: collapse;"> |