IPsec Advanced Settings (Section 9.4.6) – Amer Networks E5Web GUI User Manual

Page 614

Packet length  : 156 bytes
# payloads     : 5
Payloads:
    HASH (Hash)
        Payload data length : 16 bytes
    SA (Security Association)
        Payload data length : 56 bytes
        DOI : 1 (IPsec DOI)
        Proposal 1/1
            Protocol 1/1
                Protocol ID              : ESP
                SPI Size                 : 4
                SPI Value                : 0xafba2d15
                Transform 1/1
                    Transform ID             : Rijndael (aes)
                    Key length               : 128
                    Authentication algorithm : HMAC-MD5
                    SA life type             : Seconds
                    SA life duration         : 21600
                    SA life type             : Kilobytes
                    SA life duration         : 50000
                    Encapsulation mode       : Tunnel
    NONCE (Nonce)
        Payload data length : 16 bytes
    ID (Identification)
        Payload data length : 8 bytes
        ID : ipv4(any:0,[0..3]=10.4.2.6)
    ID (Identification)
        Payload data length : 12 bytes
        ID : ipv4_subnet(any:0,[0..7]=10.4.0.0/16)

Step 9. Client Confirms Tunnel Setup

In this last message, the client confirms that the tunnel is up and running. All
client/server exchanges have been successful.

IkeSnoop: Received IKE packet from 192.168.0.10:500
Exchange type  : Quick mode
ISAKMP Version : 1.0
Flags          : E (encryption)
Cookies        : 0x6098238b67d97ea6 -> 0x5e347cb76e95a
Message ID     : 0xaa71428f
Packet length  : 48 bytes
# payloads     : 1
Payloads:
    HASH (Hash)
        Payload data length : 16 bytes
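When reviewing a saved IkeSnoop log, the Step 9 confirmation can be checked mechanically: it is a received Quick mode packet whose only payload is HASH and whose Message ID matches the packet that carried the SA proposal. The following is an added example, not part of the manual or of cOS Core; the sample log is constructed, and the first packet's header line and Message ID are assumptions.

```python
import re

# Constructed sample in IkeSnoop's layout; the first packet's header and
# Message ID are assumptions (that part of the log is not shown above).
SAMPLE = """\
IkeSnoop: Sending IKE packet to 192.168.0.10:500
Exchange type  : Quick mode
Message ID     : 0xaa71428f
Payloads:
  HASH (Hash)
  SA (Security Association)
    Authentication algorithm : HMAC-MD5
  NONCE (Nonce)
  ID (Identification)
  ID (Identification)
IkeSnoop: Received IKE packet from 192.168.0.10:500
Exchange type  : Quick mode
Message ID     : 0xaa71428f
Payloads:
  HASH (Hash)
"""

FIELD = re.compile(r"^\s*(.+?)\s*:\s+(.*)$")   # "Key length : 128"
PAYLOAD = re.compile(r"^\s+([A-Z]+) \(")       # "  HASH (Hash)"

def parse_packets(text):
    """Split IkeSnoop text into packets with direction, fields and payload list."""
    packets = []
    for line in text.splitlines():
        if line.startswith("IkeSnoop:"):
            packets.append({"rx": "Received" in line, "fields": {}, "payloads": []})
        elif packets and (m := PAYLOAD.match(line)):
            packets[-1]["payloads"].append(m.group(1))
        elif packets and (m := FIELD.match(line)):
            packets[-1]["fields"][m.group(1)] = m.group(2)
    return packets

def quick_mode_confirmed(packets):
    """True once a received HASH-only Quick mode packet reuses a proposal's Message ID."""
    proposed = set()
    for p in packets:
        f = p["fields"]
        if f.get("Exchange type") != "Quick mode":
            continue
        if "SA" in p["payloads"]:
            proposed.add(f.get("Message ID"))
        elif p["rx"] and p["payloads"] == ["HASH"] and f.get("Message ID") in proposed:
            return True
    return False
```

A log that ends after the SA proposal, or whose final HASH-only packet carries a different Message ID, returns False, which points at a Quick mode exchange that never completed.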

9.4.6. IPsec Advanced Settings

The following cOS Core advanced settings are available for configuring IPsec tunnels.

IPsec Max Rules

This specifies the total number of IP rules that can be connected to IPsec tunnels. By default, this
is initially approximately 4 times the licensed IPsecMaxTunnels, and system memory for it is
allocated at startup. Reducing the number of rules reduces memory requirements, but making this
change is not recommended.

IPsec Max Rules will always be reset automatically to approximately 4 times IPsec Max Tunnels
if the latter is changed. This linkage is broken once IPsec Max Rules is altered manually, so that
subsequent changes to IPsec Max Tunnels will not cause an automatic change in IPsec Max Rules.

Chapter 9: VPN
