MultiCom Technical Support
Supporting MultiCom Routers, Firewalls and VPN
 

IPSec changes in 3.5

 
Author: Support
Joined: 09 Oct 2002
Posts: 175
Location: Lausanne, Switzerland

Posted: Tue Jul 08, 03 15:01    Post subject: IPSec changes in 3.5

IPSec has many more features added to it, as detailed in the 3.5 Feature list; however, there are some changes to the previous way of doing things.

IPSec now happens before passing the SecureWall for outgoing packets and after passing through the SecureWall for incoming packets. This means that:
  • You do not need to use the NAT WAN Interface output table with NOMAP for the remote subnetwork.
  • If you are using SecureWall you must make NAT Input rules in the WAN/PPP interface for
    Code:
    UDP 500   Mapping=INTERNAL Port 500
    ESP       Mapping=INTERNAL
    AH        Mapping=INTERNAL (if using AH protocol)
    UDP 4500  Mapping=INTERNAL Port 4500 (if using NAT-Traversal)
  • IPSec traffic cannot receive Network Address Translation, so if you were using IPSec in Transport mode you cannot redirect that arriving traffic. Transport mode is now only useful as a way of reaching the MultiCom Firewall or for securely using Syslog or SNMP.
IKE Aggressive mode will only work with 3DES. If you were using Aggressive mode with other algorithms, either switch the algorithm to 3DES or use Main Mode.

The IDEA algorithm is not supported in firmware 3.5. If you need to use it you must use firmware version 3.4.1.
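
A pre-upgrade check for the changes listed in the post above, as an added example that is not part of the original post or MultiCom's own tooling. It assumes NAT Input rules are available as text in the layout of the post's listing; the tunnel dictionary keys and the sample values are hypothetical.

```python
import re

# Rule layout taken from the listing in the post, e.g.
# "UDP 500   Mapping=INTERNAL Port 500" or "ESP   Mapping=INTERNAL".
RULE_RE = re.compile(
    r"^\s*(UDP|ESP|AH)(?:\s+(\d+))?\s+Mapping=(\S+)(?:\s+Port\s+(\d+))?", re.I)

def parse_rules(text):
    """Return the (protocol, port) pairs that are mapped to INTERNAL."""
    mapped = set()
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m or m.group(3).upper() != "INTERNAL":
            continue
        proto, port, _, to_port = m.groups()
        if proto.upper() == "UDP":
            # Assumption: the UDP rule must keep the same port, as in the post.
            if port and port == to_port:
                mapped.add(("UDP", int(port)))
        else:
            mapped.add((proto.upper(), None))
    return mapped

def audit(tunnel, nat_input_rules):
    """Check one tunnel description (hypothetical dict keys) against the 3.5 changes."""
    required = {("UDP", 500): "IKE (UDP 500)", ("ESP", None): "ESP"}
    if tunnel.get("ah"):
        required[("AH", None)] = "AH"
    if tunnel.get("nat_traversal"):
        required[("UDP", 4500)] = "NAT-Traversal (UDP 4500)"
    findings = []
    if tunnel.get("securewall"):
        have = parse_rules(nat_input_rules)
        findings += [f"missing NAT Input rule: {name}"
                     for key, name in required.items() if key not in have]
    if tunnel.get("ike_mode") == "aggressive" and tunnel.get("cipher") != "3DES":
        findings.append("Aggressive mode needs 3DES: change cipher or use Main Mode")
    if tunnel.get("cipher") == "IDEA":
        findings.append("IDEA is not supported in 3.5")
    if tunnel.get("ipsec_mode") == "transport" and tunnel.get("redirect_inbound"):
        findings.append("transport-mode traffic cannot be redirected by NAT")
    return findings

# Constructed sample: rules text and tunnel settings are made up for illustration.
SAMPLE_RULES = """UDP 500   Mapping=INTERNAL Port 500
ESP       Mapping=INTERNAL"""
SAMPLE_TUNNEL = {"securewall": True, "nat_traversal": True,
                 "ike_mode": "aggressive", "cipher": "DES", "ipsec_mode": "tunnel"}
```
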
All times are GMT + 1 Hour