
Chapter 14 IPSec Commands
Table 34 IPSec Commands (continued)
COMMAND | DESCRIPTION |
ipsec config manual esp encap <0:Tunnel|1:Transport> | Sets the encapsulation mode when using ESP protocol in the manual rule. |
ipsec config manual esp spi <decimal> | Sets the SPI when using ESP protocol in the manual rule. |
 | decimal: The maximum length is 9. |
ipsec config manual esp encryAlgo <0:Null|1:DES|2:3DES> | Sets the encryption algorithm when using ESP protocol in the manual rule. |
ipsec config manual esp encryKey <ascii> | Sets the encryption key when using ESP protocol in the manual rule. |
ipsec config manual esp authAlgo <0:MD5|1:SHA1> | Sets the authentication algorithm when using ESP protocol in the manual rule. |
ipsec config manual esp authKey <ascii> | Sets the authentication key when using ESP protocol in the manual rule. |
ipsec swSkipOverlapIp <on|off> | Turn this on to send packets destined for overlapping local and remote IP addresses to the local network (you can access the local devices but not the remote devices). |
 | Turn this off to send packets destined for overlapping local and remote IP addresses to the remote network (you can access the remote devices but not the local devices). |
ipsec adjTcpMss <off|auto|<1~1460>> | The TCP packets are larger after VPN encryption. Packets larger than a connection’s MTU (Maximum Transmission Unit) are fragmented. |
 | auto: Automatically set the Maximum Segment Size (MSS) of the TCP packets that are to be encrypted by VPN based on the encapsulation type. Recommended. |
 | network’s throughput performance, you can manually specify a smaller MSS (in bytes). |

14.2 swSkipOverlapIp
Normally, you do not configure your local VPN policy rule’s IP addresses to overlap with the remote VPN policy rule’s IP addresses. For example, you usually would not configure both with 192.168.1.0. However, overlapping local and remote network IP addresses can occur in the following cases.
1. You configure a dynamic VPN rule for a remote site. (See Figure 1.)
For example, when you configure the ZyXEL Device X, you configure the local network as 192.168.1.0 and the remote network as any (0.0.0.0). The “any” includes all possible IP addresses. The ZyXEL Device X will then forward traffic from network A to network B even if both the sender (for example 192.168.1.8) and the receiver (for example 192.168.1.9) are in network A.
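The following added example (not part of the original guide and not ZyXEL firmware code) models the forwarding decision described above, so you can check whether a planned policy overlaps and where a given packet would go with `swSkipOverlapIp` on or off. The /24 mask, the function names and the 10.0.0.5 address are assumptions made for illustration.

```python
import ipaddress

# Constructed sample policy: the dynamic rule from the text.
# The /24 prefix length is an assumption; the guide only gives 192.168.1.0.
LOCAL_NET = "192.168.1.0/24"
REMOTE_NET = "0.0.0.0/0"        # "any"


def policy_overlaps(local_net, remote_net):
    """True when the local and remote policy ranges share any address."""
    local = ipaddress.ip_network(local_net)
    remote = ipaddress.ip_network(remote_net)
    return local.overlaps(remote)


def route_decision(src, dst, local_net, remote_net, sw_skip_overlap_ip):
    """Simplified model: return 'tunnel', 'local' or 'no-match' for a packet."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    local = ipaddress.ip_network(local_net)
    remote = ipaddress.ip_network(remote_net)

    # The VPN rule applies only to local-source, remote-destination traffic.
    if src_ip not in local or dst_ip not in remote:
        return "no-match"

    # Overlap case: the destination is inside both the local and remote ranges.
    if dst_ip in local:
        # on  -> keep the packet on the local network
        # off -> send it to the remote network through the tunnel
        return "local" if sw_skip_overlap_ip else "tunnel"

    return "tunnel"


if __name__ == "__main__":
    print("overlap:", policy_overlaps(LOCAL_NET, REMOTE_NET))
    for skip in (False, True):
        for dst in ("192.168.1.9", "10.0.0.5"):   # 10.0.0.5 is a constructed remote host
            result = route_decision("192.168.1.8", dst, LOCAL_NET, REMOTE_NET, skip)
            print(f"swSkipOverlapIp={'on' if skip else 'off'} "
                  f"192.168.1.8 -> {dst}: {result}")
```

With the setting off, the 192.168.1.8 to 192.168.1.9 packet is classified as tunnel traffic, which is the unintended forwarding the paragraph describes; with it on, only destinations outside the local range enter the tunnel.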
DSL & IAD CLI Reference Guide