Chapter 14 IPSec Commands
DSL & IAD CLI Reference Guide
92
14.2 swSkipOverlapIp
Normally, you do not configure your local VPN policy rule’s IP addresses to overlap with the
remote VPN policy rule’s IP addresses. For example, you usually would not configure both
with 192.168.1.0. However, overlapping local and remote network IP addresses can occur in
the following cases.
1 You configure a dynamic VPN rule for a remote site. (See Figure 1.)
For example, when you configure the ZyXEL Device X, you configure the local network
as 192.168.1.0 and the remote network as any (0.0.0.0). The “any” includes all possible IP
addresses. It will forward traffic from network A to network B even if both the sender (for
example 192.168.1.8) and the receiver (for example 192.168.1.9) are in network A.
ipsec config manual esp encap
<0:Tunnel|1:Transport>
Sets the encapsulation mode when using ESP protocol in
the manual rule.
ipsec config manual esp spi <decimal> Sets the SPI when using ESP protocol in the manual rule.
decimal: The maximum length is 9.
ipsec config manual esp encryAlgo
<0:Null|1:DES|2:3DES>
Sets the encryption algorithm when using ESP protocol in
the manual rule.
ipsec config manual esp encryKey <ascii> Sets the encryption key when using ESP protocol in the
manual rule.
ipsec config manual esp authAlgo
<0:MD5|1:SHA1
Sets the authentication algorithm when using ESP
protocol in the manual rule.
ipsec config manual esp authKey <ascii> Sets the authentication key when using ESP protocol in
the manual rule.
ipsec swSkipOverlapIp <on|off> Turn this on to send packets destined for overlapping local
and remote IP addresses to the local network (you can
access the local devices but not the remote devices).
Turn this off to send packets destined for overlapping local
and remote IP addresses to the remote network (you can
access the remote devices but not the local devices.)
ipsec adjTcpMss <off|auto|<1~1460>> The TCP packets are larger after VPN encryption. Packets
larger than a connection’s MTU (Maximum Transmit Unit)
are fragmented.
auto: Automatically set the Maximum Segment Size
(MSS) of the TCP packets that are to be encrypted by
VPN based on the encapsulation type. Recommended.
1-1460: If fragmentation issues are affecting your
network’s throughput performance, you can manually
specify a smaller MSS (in bytes).
Table 34 IPSec Commands (continued)
COMMAND DESCRIPTION