Westermo MR Series User Manual

Page 149


6622-3201

Web Interface and Command Line Reference Guide

www.westermo.com

discover whether or not one or both ends of a tunnel is behind a NAT box, and implements a
standard NAT traversal protocol if NAT is being performed.

The version of NAT traversal supported is described in the IETF draft “draft-ietf-ipsec-nat-t-ike-03.txt”.

NAT traversal keep-alive interval (s)

This parameter may be used to set a timer (in seconds), such that the unit will send regular
packets to a NAT device in order to prevent the NAT table entry from expiring.

RSA private key file:

This parameter specifies the name of a file for the X.509 certificate holding the unit’s private
part of the public/private key pair used in certificate exchanges. See “X.509 Certificates” in the
“IPSec and VPNs” section for further explanation.

Re-key time (s):

When the time left until expiry for this SA reaches the value specified by this parameter, the
IKEv2 SA will be renegotiated, i.e. a new IKEv2 SA is negotiated and the old SA is removed. Any
IPSec “child” SAs that were created are retained and become “children” of the new SA.

Using Text Commands

From the command line, use the ike2 command to configure or display IKEv2 Responder settings. To
display current settings for the IKEv2 responder enter the command:

ike2 <instance> ?

where <instance> is 0.

To change the value of a parameter use the command in the format:

ike2 0 <parameter> <value>

The parameters and values are:

| Parameter | Values | Equivalent Web Parameter |
|---|---|---|
| inactto | 0-255 | Inactivity timeout |
| ltime | 1-28800 | Duration |
| natkaint | number | NAT traversal keep-alive interval (s) |
| natt | off, on | NAT traversal enabled |
| noresp | off, on | Act as initiator only |
| privrsakey | filename | RSA private key file |
| rauthalgs | md5, sha1 | Acceptable authentication algorithms |
| rdhmingroup | 1,2,5 | Minimum acceptable MODP group |
| rekeyltime | number | Re-key time (s) |
| rencalgs | des, 3des | Acceptable encryption algorithms |
| renckeybits | 128, 192, 256 | Acceptable encryption key length (AES only) |
| rmdhaxgroup | 1,2,5 | Maximum acceptable MODP group |
| rprfalgs | md5, sha1 | Acceptable PRF algorithms |

Note:
Using ! for a parameter in a text command means blank.

For example, to set the Acceptable authentication algorithms to “MD5” only you would enter:

ike2 0 rauthalgs md5
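
The following is an added example, not part of the Westermo manual: a Python check over saved `ike2 <instance> <parameter> <value>` command lines that flags the weakest of the values listed in the table above (MD5, single DES, MODP groups 1 and 2). The comma-separated list syntax, the function names and the sample lines are assumptions made for illustration.

```python
import re

# Weak values among those the table lists. The reasons cite RFC 8247
# (IKEv2 algorithm requirements); they are not statements from the manual.
WEAK_ALGS = {
    "rauthalgs": {"md5": "HMAC-MD5 integrity is MUST NOT in RFC 8247; use sha1"},
    "rprfalgs": {"md5": "HMAC-MD5 PRF is MUST NOT in RFC 8247; use sha1"},
    "rencalgs": {"des": "single DES (56-bit key) is MUST NOT in RFC 8247; use 3des"},
}
MODP_BITS = {1: 768, 2: 1024, 5: 1536}  # modulus size of each MODP group
LINE_RE = re.compile(r"^\s*ike2\s+(\d+)\s+(\w+)\s+(\S+)\s*$")


def parse(lines):
    """Yield (instance, parameter, value) for each well-formed ike2 line."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield int(m.group(1)), m.group(2).lower(), m.group(3)


def audit(lines):
    """Return (parameter, value, reason) findings for weak responder settings."""
    findings = []
    for _inst, param, value in parse(lines):
        if value == "!":  # the manual's notation for a blank value
            continue
        # Assumption: multiple values are given as a comma-separated list.
        items = [v.strip().lower() for v in value.split(",") if v.strip()]
        if param in WEAK_ALGS:
            for item in items:
                if item in WEAK_ALGS[param]:
                    findings.append((param, item, WEAK_ALGS[param][item]))
        elif param == "rdhmingroup" and items and items[0].isdigit():
            group = int(items[0])
            if group in (1, 2):
                reason = f"{MODP_BITS[group]}-bit MODP group accepted; set minimum to 5"
                findings.append((param, str(group), reason))
    return findings


# Constructed sample input, not taken from a real device.
SAMPLE = ["ike2 0 rauthalgs md5,sha1", "ike2 0 rprfalgs sha1",
          "ike2 0 rencalgs des,3des", "ike2 0 rdhmingroup 1",
          "ike2 0 natt on", "ike2 0 privrsakey !"]

if __name__ == "__main__":
    for param, value, reason in audit(SAMPLE):
        print(f"{param}={value}: {reason}")
```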
