10 connection options, Options list, Ipsec routing mode [routed – Nortel Networks 608(WL) User Manual

Chapter 6

Advanced Features

E-DOC-CTC-20051017-0169 v0.1

6.10 Connection Options

Options list

The connection options alter the behaviour of the VPN network. Options to be
applied to Connections are stored in named Option Lists. An Option List contains
the following options:

IPSec routing mode [routed]

This parameter has two possible settings: routed and non-routed mode.

Routed mode means that the packets are routed to the IPSec interface. This is the
preferred mode of operation, which is valid for all possible scenarios.

Non-routed mode simulates the behaviour of previous SpeedTouch™ IPSec
implementations. In the present release, it is recommended to not use the
non-routed mode, because some scenarios are not supported in this mode.

Virtual interface

The SpeedTouch™ uses the concept of a Virtual Interface to implement the IPSec
processing. By default, the IPSec module uses the Virtual Interface, named ipsec0.
This interface is automatically created when IPSec is enabled.

Firewall rules, for example, can be attached to virtual interfaces.

In most cases, the default ipsec0 virtual interface is sufficient. Only in
some very specific cases may it be useful to create an additional virtual
interface for IPSec. For example, if you want to apply different firewall rules to
different IPSec tunnels, an additional Virtual Interface can be created in the
Connection Options list.

A typical situation where multiple IPSec virtual interfaces might be needed is the
VPN hub and spoke model.

| Option | Keyword | Description |
|---|---|---|
| IPSec routing mode | routed | Selects routed or non-routed mode. |
| Virtual interface | virtual_if | Defines the Virtual Interface for a connection. |
| DF bit | force_df | Selects treatment of Don’t Fragment bit. |
| Minimal MTU | min_mtu | Minimal value for MTU. |
| Add route | add_route | Enables or disables automatic addition of routes to the routing table. |

virtual_if

Possible values: A string value, containing the name of the Virtual interface

This manual is related to the following products:

620