NOTE: The Gateway's WAN DHCP client port in SilentRunning mode is enabled. This feature allows end users to continue using DHCP-served IP addresses from their Service Providers, while having no identifiable presence on the Internet.
SafeHarbour IPSec Settings
SafeHarbour VPN is a tunnel between the local network and another geographically dispersed network that is interconnected over the Internet. This VPN tunnel provides a secure, cost-effective alternative to dedicated leased lines. Internet Protocol Security (IPsec) is a series of services including encryption, authentication, integrity, and replay protection. Internet Key Exchange (IKE) is the key management protocol of IPsec that establishes keys for encryption and decryption. Because this VPN software implementation is built to these standards, the other side of the tunnel can be either another Motorola Netopia® unit or another IPsec/IKE based security product. For VPN you can choose to have traffic authenticated, encrypted, or both.
When connecting the Motorola Netopia® unit in a telecommuting scenario, the corporate VPN settings will dictate the settings to be used in the Motorola Netopia® unit. If a parameter has not been specified from the other end of the tunnel, choose the default unless you fully understand the ramifications of your parameter choice.
set security ipsec option (off) {on | off}
Turns on the SafeHarbour IPsec tunnel capability. Default is off. See "IPSec" on page 94 for more information.
CONFIG Commands
set security ipsec tunnels name "123"
The name of the tunnel can be quoted to allow special characters and embedded spaces.
set security ipsec tunnels name "123" tun-enable (on) {on | off}
This enables this particular tunnel. Currently, one tunnel is supported.
set security ipsec tunnels name "123" dest-ext-address ip-address
Specifies the IP address of the destination gateway.
set security ipsec tunnels name "123" dest-int-network ip-address
Specifies the IP address of the destination computer or internal network.
set security ipsec tunnels name "123" dest-int-netmask netmask
Specifies the subnet mask of the destination computer or internal network. The subnet mask specifies which bits of the 32-bit IP address represent network information. The default subnet mask for most networks is 255.255.255.0 (class C subnet mask).
set security ipsec tunnels name "123" encrypt-protocol (ESP) { ESP | none }
See page 94 for details about SafeHarbour IPsec tunnel capability.
set security ipsec tunnels name "123" auth-protocol (ESP) {AH | ESP | none}
See page 94 for details about SafeHarbour IPsec tunnel capability.
set security ipsec tunnels name "123" IKE-mode pre-shared-key-type (hex) {ascii | hex}
See page 94 for details about SafeHarbour IPsec tunnel capability.
set security ipsec tunnels name "123" IKE-mode pre-shared-key ("") {hex string}
See page 94 for details about SafeHarbour IPsec tunnel capability.
Example: 0x1234
set security ipsec tunnels name "123" IKE-mode neg-method {main | aggressive}
See page 94 for details about SafeHarbour IPsec tunnel capability.
Note: Aggressive Mode is a little faster, but it does not provide identity protection for the negotiating nodes.
set security ipsec tunnels name "123" IKE-mode DH-group (1) { 1 | 2 | 5}
See page 94 for details about SafeHarbour IPsec tunnel capability.
set security ipsec tunnels name "123" IKE-mode isakmp-SA-encrypt (DES) { DES | 3DES }
See page 94 for details about SafeHarbour IPsec tunnel capability.
set security ipsec tunnels name "123" IKE-mode ipsec-mtu mtu_value
The Maximum Transmission Unit is a link layer restriction on the maximum number of bytes of data in a single transmission. The maximum allowable value (also the default) is 1500, and the minimum is 100.
set security ipsec tunnels name "123" IKE-mode isakmp-SA-hash (MD5) {MD5 | SHA1}
See page 94 for details about SafeHarbour IPsec tunnel capability.
set security ipsec tunnels name "123" IKE-mode PFS-enable { off | on }
See page 94 for details about SafeHarbour IPsec tunnel capability.
set security ipsec tunnels name "123" IKE-mode invalid-spi-recovery { off | on }
Enables the Gateway to re-establish the tunnel if either the Motorola Netopia® Gateway or the peer gateway is rebooted.
set security ipsec tunnels name "123" xauth enable {off | on }
Enables or disables Xauth extensions to IPsec, when IKE-mode neg-method is set to aggressive. Default is off.
set security ipsec tunnels name "123" xauth username username
Sets the Xauth username, if Xauth is enabled.
set security ipsec tunnels name "123" xauth password password
Sets the Xauth password, if Xauth is enabled.
set security ipsec tunnels name "123" nat-enable { on | off }
Enables or disables NAT on the specified IPsec tunnel. The default is off.
set security ipsec tunnels name "123" nat-pat-address ip-address
Specifies the NAT port address translation IP address for the specified IPsec tunnel.
set security ipsec tunnels name "123" local-id-type { IP-address | Subnet | Hostname | ASCII }
Specifies the NAT local ID type for the specified IPsec tunnel, when Aggressive Mode is set.
set security ipsec tunnels name "123" local-id id_value
Specifies the NAT local ID value as specified in the local-id-type for the specified IPsec tunnel, when Aggressive Mode is set.
Note: If subnet is selected, the following two values are used instead:
set security ipsec tunnels name "123" local-id-addr ip-address
set security ipsec tunnels name "123" local-id-mask ip-mask
set security ipsec tunnels name "123" remote-id-type { IP-address | Subnet | Hostname | ASCII }
Specifies the NAT remote ID type for the specified IPsec tunnel, when Aggressive Mode is set.
set security ipsec tunnels name "123" remote-id id_value
Specifies the NAT remote ID value as specified in the remote-id-type for the specified IPsec tunnel, when Aggressive Mode is set.
Note: If subnet is selected, the following two values are used instead:
set security ipsec tunnels name "123" remote-id-addr ip-address
set security ipsec tunnels name "123" remote-id-mask ip-mask
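As an added example (not from the Motorola Netopia manual or the Gateway itself), a small Python audit that parses tunnel settings written in the CLI syntax above and flags the choices that leave a tunnel weakest: the documented defaults DES, MD5 and DH group 1, PFS left off, Aggressive Mode, and a short hex pre-shared key. The sample configuration is constructed; the parameter spellings follow the manual, while the severity labels and thresholds are my own.

```python
import shlex

# Defaults the manual documents for these parameters; applied when a tunnel
# does not set them (no default is documented for neg-method or PFS-enable).
DEFAULTS = {"pre-shared-key-type": "hex", "DH-group": "1",
            "isakmp-SA-encrypt": "DES", "isakmp-SA-hash": "MD5"}
# Constructed sample in the manual's syntax (not captured from a real Gateway).
SAMPLE_CONFIG = '''
set security ipsec tunnels name "branch office" tun-enable on
set security ipsec tunnels name "branch office" IKE-mode pre-shared-key 0x1234
set security ipsec tunnels name "branch office" IKE-mode neg-method aggressive
set security ipsec tunnels name "branch office" IKE-mode PFS-enable off
set security ipsec tunnels name "branch office" xauth enable on
'''

def parse_tunnels(config_text):  # tunnel name -> {parameter: value}
    tunnels = {}
    for line in config_text.splitlines():
        tok = shlex.split(line)          # shlex honours the quoted tunnel name
        if tok[:5] != ["set", "security", "ipsec", "tunnels", "name"]:
            continue
        name, rest = tok[5], tok[6:]
        if rest and rest[0] == "IKE-mode":   # IKE-mode is a prefix, not a parameter
            rest = rest[1:]
        if len(rest) >= 2 and rest[0] == "xauth":  # xauth enable|username|password <value>
            rest = ["xauth " + rest[1]] + rest[2:]
        if len(rest) < 2:
            continue
        tunnels.setdefault(name, dict(DEFAULTS))[rest[0]] = " ".join(rest[1:])
    return tunnels

def audit_tunnel(p):  # (severity, message) findings for one tunnel's parameters
    f = []
    if p["isakmp-SA-encrypt"] == "DES":
        f.append(("high", "isakmp-SA-encrypt DES (56-bit); 3DES is the strongest offered"))
    if p["isakmp-SA-hash"] == "MD5":
        f.append(("medium", "isakmp-SA-hash MD5; prefer SHA1"))
    if p["DH-group"] == "1":
        f.append(("medium", "DH-group 1 (768-bit MODP); prefer group 5"))
    if p.get("PFS-enable") != "on":
        f.append(("medium", "PFS-enable not on: IPsec SA keys derive from the IKE SA only"))
    if p.get("neg-method") == "aggressive":
        f.append(("medium", "neg-method aggressive: peer identities are not protected"))
    psk = p.get("pre-shared-key", "").removeprefix("0x")   # hex digits only
    if p["pre-shared-key-type"] == "hex" and len(psk) < 32:
        f.append(("high", "pre-shared-key shorter than 128 bits"))
    return f

def audit_config(config_text):  # {tunnel name: findings}
    return {n: audit_tunnel(p) for n, p in parse_tunnels(config_text).items()}
```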