Chapter 6 - Basic Configuration Guide | 23 |
Use the IP Connection Dialog Box to set address parameters for Ethernet 1:0, 3:0, 5:0 and 7:0. These Ethernet interfaces do not have any other settings available because they only handle IPSec traffic and do not do routing.
Use the IPSec Gateway Dialog Box (under Global/IPSec Gateway) to set the IPSec Gateway address. The IPSec Gateway must be on the same IP network as Ethernet 1:0, 3:0, 5:0 and 7:0.
TB: Use the configure command and set the IPAddress, SubnetMask and IPBroadcast keywords, and either the RIPVersion keyword or the OSPFEnabled keyword, in the IP Ethernet 0:0, IP Ethernet 2:0, IP Ethernet 4:0 and IP Ethernet 6:0 sections.
Use the configure command and set the IPAddress, SubnetMask and IPBroadcast keywords in the IP Ethernet 1:0, IP Ethernet 3:0, IP Ethernet 5:0 and
IP Ethernet 7:0 sections. No other keywords should be configured for these sections.
Use the configure command and set the IPSecGateway keyword in the General section.
IP Settings for Setups Behind a Firewall
If setting up the
•IP address (default = 198.41.12.1)
•IP subnet mask (default = 255.255.255.0)
•IP broadcast address (default = 198.41.12.255)
•RIP 1, RIP 2 or OSPF (Open Shortest Path First) for Ethernet 0:0 only
•IP gateway for Ethernet 0:0, 2:0, 4:0, and 6:0.
CV: Use the TCP/IP Routing: Ethernet Dialog Box to set the IP address, subnet mask, broad- cast address and IP routing protocol for Ethernet 0:0, 2:0, 4:0, and 6:0. OSPF can only be configured using
Use the IP Static Routing Dialog Box (under Global/IP Static Routes) to set an IP gateway.
TB: Use the configure command and the IPAddress, SubnetMask, and IPBroadcast keywords in the IP Ethernet 0:0, IP Ethernet 2:0, IP Ethernet 4:0 and
IP Ethernet 6:0 section.
Use the edit config command and set an IP gateway, in the IP Static section.
ϖNote: The gateway address would typically be an interface on a firewall. It must be on the same TCP/IP network as Ethernet 0:0, IP Ethernet 2:0, IP Ethernet 4:0 and IP Ethernet 6:0. With this setup, you must configure the firewall to allow:
•UDP port 500 (ISAKMP)
•Protocol number 50, which is the AH (Authentication Header) protocol packet type - and/or -
•Protocol number 51, which is the ESP (Encapsulating Security Payload) protocol packet type