Confi gure > ipsec > default eroute 4.51 – Westermo MR Series User Manual

Page 164

Advertising
background image

164

6622-3201

Web Interface and Command Line Reference Guide

www.westermo.com

Confi gure > IPSec > Default Eroute

4.51

Like a normal IP routing set-up, IPSec “Eroutes” have a default configuration that is applied if no
spe cific route can be found. This is useful when, for instance, you wish to have a number of remote
users connect via a secure channel (perhaps to access company financial information) but also still
allow general remote access to other specific servers on your network or the Internet.

Using the Web Page(s)

The default action for what to do when a packet is to be routed but no secure Eroute exists is
specified on the Configure > IPSec Eroutes > Default Eroute page. The parameters are as follows:

No inbound SA action:

This parameter determines how the router will respond if a packet is received when there is no
SA. If “Drop Packet” is selected then only packets that match a specified Eroute will be routed,
all other data will be discarded. This has the effect of enforcing a secure connection to all devic-
es behind the router.

If “Pass Packet” is selected then data that matches an Eroute definition will be decrypted and
authenticated (depending on the Eroute options selected) but data that does not match will also
be allowed to pass.

No outbound SA action:

This parameter determines how the router will respond if a packet is transmitted when there is
no SA. If “Drop Packet” is selected then only packets that match a specified Eroute will be rout-
ed, all other data will be discarded. If “Pass Packet” is selected then data that matches an Eroute
defini tion will be encrypted and authenticated (depending on the Eroute options selected) but
data that does not match will also be allowed to pass.

Using Text Commands

From the command line, use the def_eroute command to configure or display default Eroute set-
tings.

To display current settings enter the command:

def_eroute <instance> ?

where <instance> is 0.

To change the value of a parameter use the command in the format:

def_eroute <instance> <parameter> <value>

The parameters and values are:

Parameter

Values

Equivalent Web Parameter

nosain

drop, pass

No inbound SA action

nosaout

drop, pass

No outbound SA action

Advertising
This manual is related to the following products:

DR Series

Popular Brands
Popular manuals