Doc. # 1-00000819
Date Updated: 10-26-2018
Date Created: 09-12-2017
Document Type: Knowledge Base
Related OS:
Related Product: ERT310/ ERT311/ ERT312/ RT3G-300/ RT3G-300-W/ RT3G-300RAC/ RT3G-302/ RT3G-310/ RT3G-310-W/ RT3G-311/ RT3G-320-W/ RT3G-320RAC-W/ RT3G-322/ RT3G-324/ RT3G-330/ RT3G-340-W/ RT3G-340RAC-W/ RTLTE-300-VZ
IPsec Tunnel - initiator on the router
Solution:
In this case the Linux server (CISCO router) offers the services for the IPsec tunnel, so it must always be reachable at a static IP address or a domain name.

Configuration via web interface

If the addresses of the tunnel ends are visible to one another, you only need to specify these items: Description, Remote IP address, Remote Subnet, Remote Subnet Mask, Local Subnet and Local Subnet Mask. If they are not (one end of the tunnel is in a private network), NAT Traversal must be enabled. When NAT Traversal is active, Remote ID must also be set. The ID must be an FQDN (Fully Qualified Domain Name), that is, the fully specified domain name of the computer. Authentication using certificates can also be configured, in which case Remote ID does not need to be entered.

The following table provides an example of IPsec tunnel settings which correspond to the figure from the beginning of this chapter:

Information about the active IPsec tunnel can be found in the Status section on the IPsec page of the router web interface.
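The rules above can be checked before the settings are typed into the web form. The following is an added example, not vendor code: the dictionary keys (including `nat_traversal`, `remote_id` and `use_certificates`) and the sample addresses are assumptions constructed for illustration, and the overlap and host-bit checks go slightly beyond what the text states.

```python
import ipaddress
import re

# Keys mirror the web form items listed above; the dict layout is an assumption.
REQUIRED = ("description", "remote_ip", "remote_subnet", "remote_mask",
            "local_subnet", "local_mask")
# At least two dot-separated labels, so a bare hostname does not qualify as an FQDN.
FQDN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\.?$", re.I)

# Constructed sample: initiator behind NAT, Remote ID given as a bare hostname.
SAMPLE = {
    "description": "tunnel to HQ", "remote_ip": "203.0.113.10",
    "remote_subnet": "10.20.0.0", "remote_mask": "255.255.255.0",
    "local_subnet": "192.168.1.0", "local_mask": "255.255.255.0",
    "nat_traversal": True, "remote_id": "hq-gateway",
}

def _network(cfg, side, problems):
    """Build the subnet from address + mask; record a problem if they disagree."""
    subnet, mask = cfg.get(f"{side}_subnet"), cfg.get(f"{side}_mask")
    if not (subnet and mask):
        return None  # already reported as a missing field
    try:
        return ipaddress.ip_network(f"{subnet}/{mask}")  # rejects host bits
    except ValueError as exc:
        problems.append(f"{side} subnet/mask invalid: {exc}")
        return None

def check_tunnel(cfg):
    """Return a list of problems; an empty list means the settings are consistent."""
    problems = [f"missing field: {k}" for k in REQUIRED if not cfg.get(k)]
    local = _network(cfg, "local", problems)
    remote = _network(cfg, "remote", problems)
    if local and remote and local.overlaps(remote):
        problems.append("local and remote subnets overlap")
    # NAT Traversal requires a Remote ID (an FQDN) unless certificates are used.
    if cfg.get("nat_traversal") and not cfg.get("use_certificates"):
        remote_id = cfg.get("remote_id", "")
        if not remote_id:
            problems.append("NAT Traversal enabled but Remote ID is empty")
        elif not FQDN_RE.match(remote_id):
            problems.append(f"Remote ID is not an FQDN: {remote_id!r}")
    return problems
```

Calling `check_tunnel(SAMPLE)` reports the bare-hostname Remote ID; the same settings pass once the ID is a full domain name or certificate authentication is selected.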
Download File / Release Date / Download Site
ipsec_initiator_1.png (IPSec Tunnel - configuration via web interface) / 10-25-2017 / Primary, Secondary
ipsec_initiator2.png (IPSec Tunnel - Settings) / 10-25-2017 / Primary, Secondary
ipsec_initiator3.png (IPSec page of router web interface) / 10-25-2017 / Primary, Secondary
ipsec_initiator_4.png (IPSec interface screen shot) / 10-25-2017 / Primary, Secondary