In this case, the Linux server
(CISCO router) offers services for the IPsec tunnel; therefore, it must always be available on
a static IP address or on a domain name.
Configuration via web interface
If the addresses of the tunnel ends are visible to one another, all you have to do is specify
these items: Description, Remote IP address, Remote Subnet, Remote Subnet Mask,
Local Subnet and Local Subnet Mask. If not (one end of the tunnel is in a private network),
it is necessary to enable NAT Traversal.
If NAT Traversal is active, it is also necessary to set Remote ID. The ID has to be filled in
as an FQDN (Fully Qualified Domain Name), which is the designation for a fully specified domain
name of the computer. It is also possible to set authentication using certificates, but then
there is no need to enter Remote ID.
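
The rules above can be checked before the values are entered in the web interface. The following pre-flight check is an added example, not part of the router firmware or this manual; the dictionary keys reuse the field names from the text, the "certificates" flag and the sample values are assumptions, and the subnet consistency and overlap checks go beyond what the text states.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen; 1-63 chars.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def is_fqdn(name):
    """True if name is syntactically a fully qualified domain name (two or more labels)."""
    name = name.rstrip(".")
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2 or labels[-1].isdigit():
        return False  # too long, a bare host name, or an IP-like string
    return all(_LABEL.match(label) for label in labels)

def check_tunnel(cfg):
    """Return a list of problems in one tunnel's settings; an empty list means OK."""
    problems, nets = [], {}
    for side in ("Local", "Remote"):
        try:  # strict=True rejects a subnet address that has host bits set
            nets[side] = ipaddress.ip_network(
                f"{cfg[side + ' Subnet']}/{cfg[side + ' Subnet Mask']}", strict=True)
        except (KeyError, ValueError) as exc:
            problems.append(f"{side} Subnet/Mask invalid: {exc}")
    if len(nets) == 2 and nets["Local"].overlaps(nets["Remote"]):
        problems.append("Local and Remote subnets overlap")
    if not cfg.get("NAT Traversal"):
        if not cfg.get("Remote IP address"):
            problems.append("Remote IP address is required")
    elif not cfg.get("certificates") and not is_fqdn(cfg.get("Remote ID") or ""):
        # Rule from the text: NAT Traversal needs an FQDN Remote ID unless
        # certificates are used ("certificates" is a hypothetical flag name).
        problems.append("NAT Traversal enabled: Remote ID must be an FQDN")
    return problems

# Constructed sample settings (not taken from the manual's table).
SAMPLE = {
    "Description": "branch-office", "NAT Traversal": True,
    "Remote Subnet": "192.168.2.0", "Remote Subnet Mask": "255.255.255.0",
    "Local Subnet": "192.168.1.0", "Local Subnet Mask": "255.255.255.0",
    "Remote ID": "router.example.com",
}

if __name__ == "__main__":
    print(check_tunnel(SAMPLE))                                     # valid settings
    print(check_tunnel(dict(SAMPLE, **{"Remote ID": "10.0.0.1"})))  # IP is not an FQDN
```
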
The following table provides an example of IPsec tunnel settings which correspond to the
figure from the beginning of this chapter:
Information about the active IPsec tunnel can be found in the Status section on the
IPsec page of the router web interface.