Line 282: |
Line 282: |
| | | |
| | | |
− | [[Image:Services vpn ipsec.PNG]] | + | [[File:Services vpn ipsec v 2.png]] |
| | | |
| {| class="wikitable" | | {| class="wikitable" |
Line 313: |
Line 313: |
| | style="text-align: left; vertical-align: top;" | string; Default: " " | | | style="text-align: left; vertical-align: top;" | string; Default: " " |
| | style="text-align: left; vertical-align: top;" | In case RUT has a Private IP, its identifier should be its own LAN network address. In this way, the Road Warrior approach is possible | | | style="text-align: left; vertical-align: top;" | In case RUT has a Private IP, its identifier should be its own LAN network address. In this way, the Road Warrior approach is possible |
| + | |- |
| + | ! style="text-align: left; vertical-align: top;" | Local IP address/Subnet mask |
| + | | style="text-align: left; vertical-align: top;" | ip/netmask {{!}} Default: " " |
| + | | style="text-align: left; vertical-align: top;" | Local network secure group IP address and mask used to determine at what subnet an IP address can be accessed. Netmask range [0 - 32]. If left empty IP address will be selected automatically |
| + | |- |
| + | ! style="text-align: left; vertical-align: top;" | Left firewall |
| + | | style="text-align: left; vertical-align: top;" | yes {{!}} no; Default: '''yes''' |
| + | | style="text-align: left; vertical-align: top;" | Excludes IPsec tunnel from firewall rules |
| |- | | |- |
| ! style="text-align: left; vertical-align: top;" | Force encapsulation | | ! style="text-align: left; vertical-align: top;" | Force encapsulation |
− | | style="text-align: left; vertical-align: top;" | yes {{!}} no; Default: '''no | + | | style="text-align: left; vertical-align: top;" | yes {{!}} no; Default: '''no''' |
| | style="text-align: left; vertical-align: top;" | Forces UDP encapsulation for ESP packets even if no NAT situation is detected | | | style="text-align: left; vertical-align: top;" | Forces UDP encapsulation for ESP packets even if no NAT situation is detected |
| |- | | |- |
Line 330: |
Line 338: |
| | style="text-align: left; vertical-align: top;" | IP address or hostname of the remote IPsec instance | | | style="text-align: left; vertical-align: top;" | IP address or hostname of the remote IPsec instance |
| |- | | |- |
− | ! style="text-align: left; vertical-align: top;" | IP address/subnet mask | + | ! style="text-align: left; vertical-align: top;" | Remote IP address/subnet mask |
| | style="text-align: left; vertical-align: top;" | ip/integer [0..32]; Default: " " | | | style="text-align: left; vertical-align: top;" | ip/integer [0..32]; Default: " " |
| | style="text-align: left; vertical-align: top;" | Remote network secure group IP address and mask used to determine to what subnet an IP address belongs to. Should differ from device’s LAN IP | | | style="text-align: left; vertical-align: top;" | Remote network secure group IP address and mask used to determine to what subnet an IP address belongs to. Should differ from device’s LAN IP |
| + | |- |
| + | ! style="text-align: left; vertical-align: top;" | Right firewall |
| + | | style="text-align: left; vertical-align: top;" | yes {{!}} no; Default: '''yes''' |
| + | | style="text-align: left; vertical-align: top;" | Excludes remote side IPsec tunnel from firewall rules |
| |- | | |- |
| ! style="text-align: left; vertical-align: top;" | Enable keep alive | | ! style="text-align: left; vertical-align: top;" | Enable keep alive |
Line 345: |
Line 357: |
| | style="text-align: left; vertical-align: top;" | integer [0..9999999]; Default: " " | | | style="text-align: left; vertical-align: top;" | integer [0..9999999]; Default: " " |
| | style="text-align: left; vertical-align: top;" | Send ICMP echo request every '''x''' seconds ('''x''' being the number specified in this field) | | | style="text-align: left; vertical-align: top;" | Send ICMP echo request every '''x''' seconds ('''x''' being the number specified in this field) |
| + | |- |
| + | ! style="text-align: left; vertical-align: top;" | Allow WebUI access |
| + | | style="text-align: left; vertical-align: top;" | yes {{!}} no; Default: '''no''' |
| + | | style="text-align: left; vertical-align: top;" | If enabled, allows router's WebUI access through the IPsec tunnel |
| |- | | |- |
| |} | | |} |