Version 6.2 97 February 2011
SIP User's Manual 3. Web-Based Management
Parameter Name Description
Note: Main mode negotiation is a processor-intensive
operation; for best performance, do not set this
parameter to less than 28,800 (i.e., eight hours).
The default value is 0 (i.e., unlimited).
IPSec SA Lifetime (sec)
[IPsecSATable_Phase2SaLifetimeInSec]
Determines the duration (in seconds) for which the
negotiated IPSec SA (Quick mode) is valid. After this
time expires, the SA is re-negotiated.
The default value is 0 (i.e., unlimited).
Note: For best performance, a value of 3,600 (i.e., one
hour) or more is recommended.
IPSec SA Lifetime (Kbs)
[IPsecSATable_Phase2SaLifetimeInKB]
Determines the maximum volume of traffic (in kilobytes)
for which the negotiated IPSec SA (Quick mode) is
valid. After this specified volume is reached, the SA is
re-negotiated.
The default value is 0 (i.e., the value is ignored).
Dead Peer Detection Mode
[IPsecSATable_DPDmode]
Configures dead peer detection (DPD), according to
RFC 3706.
[0] DPD Disabled (default)
[1] DPD Periodic = DPD is enabled with message
exchanges at regular intervals
[2] DPD on demand = DPD is enabled with on-
demand checks - message exchanges as needed
(i.e., before sending data to the peer). If the
liveliness of the peer is questionable, the device
sends a DPD message to query the status of the
peer. If the device has no traffic to send, it never
sends a DPD message.
Note: For detailed information on DPD, refer to the
Product Reference Manual.
Remote Tunnel Addr
[IPsecSATable_RemoteTunnelAddress]
Defines the IP address of the peer router.
Note: This parameter is applicable only if the
Operational Mode is set to Tunnel.
Remote Subnet Addr
[IPsecSATable_RemoteSubnetIPAddres
s]
Defines the IP address of the remote subnet. Together
with the Prefix Length parameter (below), this
parameter defines the network with which the IPSec
tunnel allows communication.
Note: This parameter is applicable only if the
Operational Mode is set to Tunnel.
Remote Prefix Length
[IPsecSATable_RemoteSubnetPrefixLen
gth]
Defines the prefix length of the Remote Subnet IP
Address parameter (in bits). The prefix length defines
the subnet class of the remote network. A prefix length
of 16 corresponds to a Class B subnet (255.255.0.0); a
prefix length of 24 corresponds to a Class C subnet
(255.255.255.0).
Note: This parameter is applicable only if the
Operational Mode is set to Tunnel.
Interface Name
[IPsecSATable_InterfaceName]
Associates this IPSec rule with a network interface that
is defined in the Multiple Interface table (Interface Name
column) - see ''Configuring IP Interface Settings'' on
page 78.
To Next Page
Loading...
