Security settings – Motorola 2200 User Manual
Page 195
195
Security Settings
Security settings include the Firewall, Packet Filtering, Stateful Inspection, and IPSec parameters.
Some of the security functionality is keyed.
Firewall Settings
set security firewall option [ high | medium | low | off ]
The firewall settings are discussed on page
.
SafeHarbour IPSec Settings
SafeHarbour VPN is a tunnel between the local network and another geographically dispersed network
that is interconnected over the Internet. This VPN tunnel provides a secure, cost-effective alternative to
dedicated leased lines. Internet Protocol Security (IPsec) is a series of ser vices including encr yption,
authentication, integrity, and replay protection. Internet Key Exchange (IKE) is the key management pro-
tocol of IPsec that establishes keys for encr yption and decr yption. Because this VPN software imple-
mentation is built to these standards, the other side of the tunnel can be either another Motorola
Netopia
®
unit or another IPsec/IKE based security product. For VPN you can choose to have traffic
authenticated, encr ypted, or both.
When connecting the Motorola Netopia
®
unit in a telecommuting scenario, the corporate VPN settings
will dictate the settings to be used in the Motorola Netopia
®
unit. If a parameter has not been specified
from the other end of the tunnel, choose the default unless you fully understand the ramifications of
your parameter choice.
set security ipsec option (off) {on | off}
Turns on the SafeHarbour IPsec tunnel capability. Default is off.
set security ipsec tunnels name "123"
The name of the tunnel can be quoted to allow special characters and embedded spaces.
set security ipsec tunnels name "123" tun-enable {on | off}
This enables this par ticular tunnel. Currently, one tunnel is suppor ted.
set security ipsec tunnels name "123" dest-ext-address
ip-address
Specifies the IP address of the destination gateway.
set security ipsec tunnels name "123" dest-int-network
ip-address
Specifies the IP address of the destination computer or internal network.