IPsecTunnelSettings – Amer Networks E5 CLI User Manual
Page 186

3.62. IPsecTunnelSettings
Description
Settings for the IPsec tunnel interfaces used for establishing IPsec VPN connections to and from
this system.
Properties
IPsecMaxTunnels
Number of IPsec tunnels allowed (0 = automatic).
(Default: 0)
IPsecMaxRules
Number of IPsec rules allowed (0 = automatic).
(Default: 0)
IKESendInitialContact
Send 'initial contact' messages. (Default: Yes)
IKESendCRLs
Send CRLs in the IKE exchange. (Default: Yes)
IKECRLValidityTime
Maximum number of seconds a CRL is considered
valid (0 = obey the 'next update' field in the CRL).
(Default: 86400)
IKEMaxCAPath
Maximum number of CA certificates in a certificate
path. (Default: 15)
IPsecCertCacheMaxCerts
Maximum number of entries in the certificate
cache. (Default: 1024)
IPsecBeforeRules
Pass IKE & IPsec (ESP/AH) traffic sent to the security
gateway directly to the IPsec engine without
consulting the ruleset. (Default: Yes)
IPsecGWNameCacheTime
Amount of time to keep an IPsec tunnel open
when the remote DNS name fails to resolve.
(Default: 14400)
DPDMetric
Time, in tens of seconds, with no traffic or other
evidence of life in the tunnel before the SA is removed.
(Default: 3)
FlowMetric
Minimum number of seconds without data traffic
in a flow to activate IKE DPD liveness checks from
the corresponding IKE SA. (Default: 15)
IPsecDPDNoWaitWorryTime
Activate IKE DPD without waiting for 10 times the
value of DPD Metric after the value of Flow Metric
has expired with no sign of life. (Default: No)
DPDKeepTime
Time, in tens of seconds, that an SA remains in the
dead cache after a delete. DPD will not trigger if the
peer is already cached as dead. (Default: 2)
DPDExpireTime
Number of seconds that DPD-R-U-THERE messages
will be sent. (Default: 15)
IPsecHardwareAcceleration
IPsec hardware acceleration. (Default: Inline)
Chapter 3: Configuration Reference