Support
Joined: 09 Oct 2002 Posts: 175 Location: Lausanne, Switzerland
Posted: Tue Jul 08, 03 15:01 Post subject: IPSec changes in 3.5
IPSec has many more features added to it, as detailed in the 3.5 Feature list; however, there are some changes to the previous way of doing things.
IPSec now happens before passing the SecureWall for outgoing packets and after passing through the SecureWall for incoming packets. This means that:

- You do not need to use the NAT WAN Interface output table with NOMAP for the remote subnetwork.
- If you are using SecureWall you must make NAT Input rules in the WAN/PPP interface for

Code:
    UDP 500 Mapping=INTERNAL Port 500
    ESP Mapping=INTERNAL
    AH Mapping=INTERNAL (if using AH protocol)
    UDP 4500 Mapping=INTERNAL Port 4500 (if using NAT-Traversal)

IPSec traffic cannot receive Network Address Translation, so if you were using IPSec in Transport mode you cannot redirect that arriving traffic. Transport mode is now only useful as a way of reaching the MultiCom Firewall or for securely using Syslog or SNMP.

IKE Aggressive mode will only work with 3DES. If you were using Aggressive mode with other algorithms, either switch the algorithm to 3DES or use Main Mode.

The IDEA algorithm is not supported in firmware 3.5. If you need to use it you must use firmware version 3.4.1.
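A small audit script for the NAT Input requirement described in the post, added here as an example; it is not code from the post or from the MultiCom firmware. It checks a list of NAT Input rules for the entries the post says a SecureWall setup needs (UDP 500 and ESP always, AH when the AH protocol is used, UDP 4500 when NAT-Traversal is used) and reports any that are absent or not mapped to INTERNAL. The rule syntax is modeled on the four lines quoted above; the parser, the `parse_rules` and `missing_ipsec_rules` names, and the sample rule table are assumptions, not the firewall's real configuration format.

```python
"""Audit a NAT Input rule list for the IPsec pass-through entries a SecureWall
setup needs: UDP 500, ESP, AH (if AH is used) and UDP 4500 (if NAT-T is used).

Constructed example: the rule syntax is modeled on the lines quoted in the post;
the parsing and the sample rules are assumptions, not the firewall's real format.
"""
import re

# Each rule line: "<PROTO> [<match port>] Mapping=<TARGET> [Port <mapped port>]"
RULE_RE = re.compile(
    r"^(?P<proto>[A-Za-z]+)(?:\s+(?P<match_port>\d+))?"
    r"\s+Mapping=(?P<target>[A-Za-z]+)(?:\s+Port\s+(?P<map_port>\d+))?$"
)


def parse_rules(text):
    """Parse rule lines into dicts; blank lines and '#' comments are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised rule: {line!r}")
        rules.append({
            "proto": m.group("proto").upper(),
            "match_port": int(m.group("match_port")) if m.group("match_port") else None,
            "target": m.group("target").upper(),
            "map_port": int(m.group("map_port")) if m.group("map_port") else None,
        })
    return rules


def required_rules(use_ah=False, use_nat_t=False):
    """(proto, matched port, mapped port) tuples the post lists as mandatory."""
    req = [("UDP", 500, 500), ("ESP", None, None)]
    if use_ah:
        req.append(("AH", None, None))
    if use_nat_t:
        req.append(("UDP", 4500, 4500))
    return req


def missing_ipsec_rules(rules, use_ah=False, use_nat_t=False):
    """Return descriptions of required entries that are absent or whose target
    is not INTERNAL (the post's condition for IKE/ESP to reach the firewall)."""
    missing = []
    for proto, mport, pport in required_rules(use_ah, use_nat_t):
        present = any(
            r["proto"] == proto
            and r["match_port"] == mport
            and r["target"] == "INTERNAL"
            and (pport is None or r["map_port"] == pport)
            for r in rules
        )
        if not present:
            desc = proto if mport is None else f"{proto} {mport}"
            suffix = f" Port {pport}" if pport else ""
            missing.append(f"{desc} Mapping=INTERNAL{suffix}")
    return missing


# Constructed NAT Input table for a WAN interface: IKE and ESP are mapped,
# NAT-T (UDP 4500) and AH are not.
SAMPLE_RULES = """
# constructed sample, not a real configuration
UDP 500 Mapping=INTERNAL Port 500
ESP Mapping=INTERNAL
TCP 80 Mapping=INTERNAL Port 8080
"""

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    print(missing_ipsec_rules(rules))                  # returns []
    print(missing_ipsec_rules(rules, use_nat_t=True))  # returns ['UDP 4500 Mapping=INTERNAL Port 4500']
```

Run it against a copy of your own NAT Input table before enabling NAT-Traversal or AH: a tunnel whose IKE exchange completes but never passes ESP is the symptom of a table that has the UDP 500 entry and lacks the ESP one.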