Справочник Пользователя для Netopia 4542
10-10 User’s Reference Guide
IP Profile Parameters
The following IP Profile Options screen is displayed for an IPsec Connection Profile.
■
You must specify an SPI (Security Parameters Index), which is the ESP receive side SPI and the default
SPI for ESP transmit, AH receive, and AH transmit. It must be unique relative to any other configuration
profile “ESP Receive SPIs.” (See
SPI for ESP transmit, AH receive, and AH transmit. It must be unique relative to any other configuration
profile “ESP Receive SPIs.” (See
.)
■
You must specify a Remote Tunnel Endpoint Address. Specify the IP address of your tunnel par tner, the
endpoint of the tunnel. The Remote Tunnel Endpoint Address may be 0.0.0.0, which implies that the IPsec
tunnel will not be established until packets are received on the SPI specified. At that time the tunnel will be
bound to the Remote Tunnel Endpoint until traffic from the remote gateway ceases for a timeout period.
endpoint of the tunnel. The Remote Tunnel Endpoint Address may be 0.0.0.0, which implies that the IPsec
tunnel will not be established until packets are received on the SPI specified. At that time the tunnel will be
bound to the Remote Tunnel Endpoint until traffic from the remote gateway ceases for a timeout period.
■
You can specify the Idle Timeout, an inactivity timer, whose expiration will terminate the tunnel. A value of
zero disables the timer. Because tunnels are subject to abrupt termination when the underlying datalink is
torn down, use of the Idle Timeout is strongly encouraged.
zero disables the timer. Because tunnels are subject to abrupt termination when the underlying datalink is
torn down, use of the Idle Timeout is strongly encouraged.
■
You must specify a Remote Members Network address. This specifies the subnet of the remote IPsec
tunnel and will be used with the Remote Members Mask to determine and set the route.
tunnel and will be used with the Remote Members Mask to determine and set the route.
■
You must specify a Remote Members Mask. This is the subnet mask of the remote subnet to which the
IPsec tunnel will route.
IPsec tunnel will route.
■
You can specify Address Translation Enabled. For more information see
If Address Translation Enabled is set to Yes, you can specify the following three
fields:
■
NAT Map List
■
NAT Server List
■
PAT IP Address
(Note: Since there is no protocol to derive this address, 0.0.0.0 is not permitted.)
(Note: Since there is no protocol to derive this address, 0.0.0.0 is not permitted.)
IP Profile Options
SPI (Security Parameters Index): 123456789
Remote Tunnel Endpoint Address: 0.0.0.0
Idle Timeout (seconds): 300
Remote Members Network: 0.0.0.0
Remote Members Mask: 0.0.0.0
Idle Timeout (seconds): 300
Remote Members Network: 0.0.0.0
Remote Members Mask: 0.0.0.0
Address Translation Enabled: Yes
NAT Map List... Easy-PAT List
NAT Server List... Easy-Servers
PAT IP Address: 1.1.1.1
NAT Map List... Easy-PAT List
NAT Server List... Easy-Servers
PAT IP Address: 1.1.1.1
Filter Set... <<None>>
Remove Filter Set
Remove Filter Set
Advanced IP Profile Options...
COMMIT CANCEL