Westermo MR Series User Manual

Page 136


6622-3201

Web Interface and Command Line Reference Guide

www.westermo.com

4.44 Configure > IPSec > IKE > MODECFG > Static NAT Mappings

MODECFG is an extra stage built into IKE negotiations that fits between IKE phase 1 and IKE phase
2, and is used to perform operations such as extended authentication (XAUTH) and requesting an
IP address from the host. This IP address becomes the source address to use when sending packets
through the tunnel from the remote to the host. This mode of operation (receiving one IP address
from the remote host) is called “client” mode. Another mode, called “network” mode, allows the
unit to send packets with a range of source addresses through the tunnel.

If the unit receives packets from a local interface that need to be routed through the tunnel, it
performs address translation so that the source address matches the assigned IP address before
encrypting using the negotiated SA. Some state information is retained so that packets coming in
the opposite direction with matching addresses/ports can have their destination address set to the
source address of the original packet (in the same way as standard NAT).

If the remote end of the tunnel is to be able to access units connected to the local interface, the
unit that has been assigned the virtual IP address needs to have some static NAT entries set up.
When a packet is received through the tunnel, the unit will first look up existing NAT entries, followed
by static NAT entries to see if the destination address/port should be modified, and forwards
the packet to the new address. If a static NAT mapping is found, the unit creates a dynamic NAT
entry that will be used for the duration of the connection. If no dynamic or stateful entry is found,
the packet is directed to the local protocol handlers.

Using the Web Page(s)

Min Port #:

This parameter is used to specify the lowest port number to be redirected.

Max Port #:

This parameter is used to specify the highest port number to be redirected.

Map to IP address:

Enter an IP address to which packets containing the specified destination port number are to be
redirected.

Map to port:

Enter an IP port number to which packets containing the specified destination port number are
to be redirected. When set to “0” no port remapping occurs, and the original port number is
used.
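
The lookup order and the four parameters above can be modelled as follows. This is an added illustration, not Westermo firmware code or configuration syntax: the class and function names, the connection key (source address, source port, destination port), the first-match rule among static entries, and the sample addresses are all assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class StaticMap:
    min_port: int   # "Min Port #": lowest destination port redirected
    max_port: int   # "Max Port #": highest destination port redirected
    map_ip: str     # "Map to IP address"
    map_port: int   # "Map to port"; 0 keeps the original port number

class TunnelNat:
    """Model of the inbound lookup: dynamic entries, then static, then local."""

    def __init__(self, static_maps):
        self.static_maps = list(static_maps)
        # Assumed key: (source IP, source port, destination port).
        self.dynamic = {}

    def inbound(self, src_ip, src_port, dst_port):
        """Return (matched_table, new_ip, new_port) for a packet from the tunnel."""
        key = (src_ip, src_port, dst_port)
        # 1. An existing entry is reused for the duration of the connection.
        if key in self.dynamic:
            return ("dynamic",) + self.dynamic[key]
        # 2. Static mappings; the first matching range wins (assumption).
        for m in self.static_maps:
            if m.min_port <= dst_port <= m.max_port:
                target = (m.map_ip, m.map_port or dst_port)
                self.dynamic[key] = target  # a dynamic entry is created
                return ("static",) + target
        # 3. No entry: the packet goes to the unit's local protocol handlers.
        return ("local", None, None)

def exposure(static_maps):
    """List every (tunnel port, local IP, local port) the mappings make
    reachable from the remote end, for reviewing what is exposed."""
    return sorted(
        (p, m.map_ip, m.map_port or p)
        for m in static_maps
        for p in range(m.min_port, m.max_port + 1)
    )

# Constructed sample mappings (addresses and ports are illustrative only).
SAMPLE_MAPS = [
    StaticMap(80, 80, "192.168.1.10", 8080),   # port is remapped
    StaticMap(5000, 5002, "192.168.1.20", 0),  # 0: port is preserved
]

if __name__ == "__main__":
    nat = TunnelNat(SAMPLE_MAPS)
    for pkt in [("10.0.0.5", 40000, 80), ("10.0.0.5", 40000, 80),
                ("10.0.0.5", 40001, 5001), ("10.0.0.5", 40002, 22)]:
        print(pkt, "->", nat.inbound(*pkt))
    print(exposure(SAMPLE_MAPS))
```

Running exposure() over the configured ranges gives the full set of local address/port pairs the remote end of the tunnel can reach, which is the list to check against what is intended to be accessible.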
