Perle Systems IOLINK-520 User Manual


Applications

IOLINK-520 & IOLINK-PRO Installation & Applications Guide — 2.41

Note that the policy will be applied to all WAN interfaces, so a link on a second WAN interface must have a policy item (or items) to permit traffic across that interface.

Next, the policy item(s) that specify the SA(s), the rules to test packets against and encapsulation algorithms and keys must be set. Each policy item is created by entering a name after selecting the Edit Item menu option.

IPSec Policy Table Entry

Location: Main → Configuration → Packet Services Set-up → IP Security Set-up → Policy Set-up → Edit Item

item_name

The name may be up to 16 alphanumeric characters; spaces are not allowed, use underscore as a separator.

After the name is entered, the Edit Policy Item menu will be displayed. Under this menu the Encapsulating Security Payload SA parameters and policy rules are set.

IPSec ESP SA

Location: Main → Configuration → Packet Services Set-up → IP Security Set-up → Policy Set-up → Edit Item

item_name

→ Manual ESP SA

→ Peer IP Address: 201.55.44.02

→ Outbound SPI: 24680BD

→ Inbound SPI: ECA97531

The Security Parameters Indices (SPI) are identification numbers used to identify packets to (outbound) or from (inbound) the peer router in the SA connection. The Outbound SPI on one router must be exactly the same as the Inbound SPI on the peer; similarly the Inbound SPI must exactly match the Outbound SPI on the peer set-up. The example shows 8 hex character SPIs as set in Router 1, so for Router 2, the matching Outbound SPI would then be ECA97531 and the Inbound SPI 24680BD.
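The mirroring rule above can be checked before the values are typed into either router. The following Python sketch is an added example, not part of the Perle manual or firmware: the dictionary layout, the item names and the function names are assumptions, and SPIs are compared as typed, ignoring letter case.

```python
import re

NAME_RE = re.compile(r"[A-Za-z0-9_]{1,16}")  # page: up to 16 chars, underscore as separator
SPI_RE = re.compile(r"[0-9A-Fa-f]{1,8}")     # an SPI is a 32-bit value: at most 8 hex digits

def check_item(label, item):
    """Return the problems found in one router's policy item."""
    problems = []
    if not NAME_RE.fullmatch(item["name"]):
        problems.append(f"{label}: item name {item['name']!r} is not 1-16 alphanumerics/underscores")
    for field in ("outbound_spi", "inbound_spi"):
        value = item[field]
        if not SPI_RE.fullmatch(value):
            problems.append(f"{label}: {field} {value!r} is not 1-8 hex digits")
        elif int(value, 16) <= 255:
            # RFC 4303: SPI 0 is for local use only, 1-255 are reserved by IANA.
            problems.append(f"{label}: {field} {value!r} is in the reserved range 0-255")
    return problems

def check_pair(r1, r2):
    """Check both items, then the mirroring rule between the two peers."""
    problems = check_item("router1", r1) + check_item("router2", r2)
    for out_label, out_item, in_label, in_item in (("router1", r1, "router2", r2),
                                                   ("router2", r2, "router1", r1)):
        sent, expected = out_item["outbound_spi"], in_item["inbound_spi"]
        if sent.upper() != expected.upper():
            problems.append(f"{out_label} Outbound SPI {sent} != {in_label} Inbound SPI {expected}")
    return problems

# Router 1 SPIs are the page's example values; the item names are constructed.
ROUTER1 = {"name": "to_router2", "outbound_spi": "24680BD", "inbound_spi": "ECA97531"}
ROUTER2 = {"name": "to_router1", "outbound_spi": "ECA97531", "inbound_spi": "24680BD"}
# Constructed mistake: Router 1's values typed into Router 2 without swapping them.
ROUTER2_COPIED = dict(ROUTER2, outbound_spi="24680BD", inbound_spi="ECA97531")

if __name__ == "__main__":
    for peer in (ROUTER2, ROUTER2_COPIED):
        print(check_pair(ROUTER1, peer) or "SA pair is consistent")
```

An unswapped copy of Router 1's values is reported as two mismatches, one for each direction of the SA.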
