3.67. IPsecTunnelSettings
Description
Settings for the IPsec tunnel interfaces used for establishing IPsec VPN connections to and from
this system.
Properties
IPsecMaxTunnels Maximum number of IPsec tunnels allowed (0 = automatic).
(Default: 0)
IPsecMaxRules Maximum number of IPsec rules allowed (0 = automatic).
(Default: 0)
IKESendInitialContact Send 'initial contact' messages. (Default: Yes)
IKESendCRLs Send CRLs in the IKE exchange. (Default: Yes)
IKECRLValidityTime Maximum number of seconds a CRL is considered
valid (0 = obey the 'next update' field in the CRL).
(Default: 86400)
IKEMaxCAPath Maximum number of CA certificates in a certificate
path. (Default: 15)
IPsecCertCacheMaxCerts Maximum number of entries in the certificate
cache. (Default: 1024)
IPsecBeforeRules Pass IKE and IPsec (ESP/AH) traffic addressed to the
firewall itself directly to the IPsec engine without
consulting the IP rule set. (Default: Yes)
IPsecGWNameCacheTime Amount of time to keep an IPsec tunnel open
when the remote gateway's DNS name fails to resolve.
(Default: 14400)
DPDMetric Number of 10-second intervals with no traffic or
other evidence of life in the tunnel before the SA is
removed. (Default: 3)
FlowMetric Minimum number of seconds without data traffic
in a flow before IKE DPD liveness checks are activated
on the corresponding IKE SA. (Default: 15)
IPsecDPDNoWaitWorryTime Do not wait an additional 10 times the value of
DPDMetric (in seconds) after FlowMetric has expired
without any sign of liveness before activating IKE
DPD. (Default: No)
DPDKeepTime Number of 10-second intervals an SA remains in the
dead cache after a delete. DPD will not trigger if the
peer is already cached as dead. (Default: 2)
DPDExpireTime Number of seconds during which DPD R-U-THERE
messages will be sent. (Default: 15)
IPsecHardwareAcceleration IPsec hardware acceleration. (Default: Inline)
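The DPD timers (DPDMetric, FlowMetric, IPsecDPDNoWaitWorryTime, DPDKeepTime, DPDExpireTime) and the IKECRLValidityTime cap above interact in ways the table does not spell out. The Python model below is an added example, not NetDefendOS code or part of this reference: it converts the listed settings into effective timings in seconds and classifies an SA after a given period of silence. It assumes (a) that by default DPD is armed only after FlowMetric seconds plus a further 10 x DPDMetric seconds, and that IPsecDPDNoWaitWorryTime=Yes removes the second wait, and (b) that a non-zero IKECRLValidityTime acts as a cap on the CRL's own nextUpdate rather than replacing it. The class and function names are the example's own.

```python
"""Model of the IPsecTunnelSettings DPD and CRL timers.

Added example, not product code. Units follow the reference table:
DPDMetric and DPDKeepTime are counted in 10-second intervals,
FlowMetric, DPDExpireTime and IKECRLValidityTime in seconds.
"""
from dataclasses import dataclass


@dataclass
class DpdSettings:
    dpd_metric: int = 3                # 10-second intervals (default 3 = 30 s)
    flow_metric: int = 15              # seconds of flow silence before DPD is armed
    no_wait_worry_time: bool = False   # IPsecDPDNoWaitWorryTime
    dpd_keep_time: int = 2             # 10-second intervals in the dead cache (20 s)
    dpd_expire_time: int = 15          # seconds R-U-THERE messages are sent


def dpd_start_offset(s: DpdSettings) -> int:
    """Seconds of flow silence before the first DPD R-U-THERE is sent.

    Assumed reading: by default the engine waits FlowMetric seconds and then
    a further 10 * DPDMetric seconds; IPsecDPDNoWaitWorryTime=Yes drops the
    second wait, so probing starts as soon as the flow goes quiet.
    """
    extra = 0 if s.no_wait_worry_time else 10 * s.dpd_metric
    return s.flow_metric + extra


def dpd_give_up_offset(s: DpdSettings) -> int:
    """Seconds of silence after which probing stops and the SA is removed."""
    return dpd_start_offset(s) + s.dpd_expire_time


def dead_cache_seconds(s: DpdSettings) -> int:
    """How long a deleted peer stays in the dead cache (DPDKeepTime * 10)."""
    return 10 * s.dpd_keep_time


def sa_state(s: DpdSettings, silence: int, ack_received: bool,
             peer_cached_dead: bool) -> str:
    """Classify an IKE SA after `silence` seconds without data traffic.

    ack_received:     an R-U-THERE-ACK arrived during the probing window.
    peer_cached_dead: the peer is still in the dead cache from an earlier
                      delete; the table says DPD does not trigger then, so
                      the SA is dropped without probing.
    """
    if silence < dpd_start_offset(s):
        return "idle"
    if peer_cached_dead:
        return "removed"
    if ack_received:
        return "alive"
    if silence < dpd_give_up_offset(s):
        return "probing"
    return "removed"


def crl_valid_until(this_update: int, next_update: int,
                    ike_crl_validity_time: int = 86400) -> int:
    """Effective CRL expiry (epoch seconds) under IKECRLValidityTime.

    0 means obey the CRL's own nextUpdate. A non-zero value is read here
    (assumption) as a cap: the CRL expires at thisUpdate + IKECRLValidityTime
    or at its nextUpdate, whichever comes first, so a CRL issued with a
    week-long nextUpdate is still refetched daily and a revoked peer
    certificate is not honoured for the rest of the week.
    """
    if ike_crl_validity_time == 0:
        return next_update
    return min(next_update, this_update + ike_crl_validity_time)


def crl_needs_refresh(now: int, this_update: int, next_update: int,
                      ike_crl_validity_time: int = 86400) -> bool:
    """True once the cached CRL must be fetched again before use."""
    return now >= crl_valid_until(this_update, next_update, ike_crl_validity_time)


if __name__ == "__main__":
    default = DpdSettings()
    eager = DpdSettings(no_wait_worry_time=True)
    for name, s in (("defaults", default), ("NoWaitWorryTime=Yes", eager)):
        print(f"{name}: DPD starts after {dpd_start_offset(s)} s, SA removed "
              f"after {dpd_give_up_offset(s)} s, dead cache {dead_cache_seconds(s)} s")
    # Constructed CRL timestamps with a one-week nextUpdate; the 86400 s cap wins.
    t0 = 1_700_000_000
    print("CRL expiry:", crl_valid_until(t0, t0 + 7 * 86400))  # t0 + 86400
```

With the defaults the first R-U-THERE goes out after 45 seconds of silence and the SA is removed at 60 seconds if nothing answers; setting IPsecDPDNoWaitWorryTime=Yes pulls those to 15 and 30 seconds at the cost of more IKE probe traffic on quiet tunnels. Lowering IKECRLValidityTime shortens the window in which a revoked peer certificate is still accepted, but only if the CRL distribution point is reachable often enough to refetch.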
Chapter 3: Configuration Reference