IPsecDisablePKAccel Disable hardware acceleration for public-key
operations. (Default: No)
IPsecEnableFramedIP Include Framed IP address in the RADIUS Access
Request message. (Default: No)
IPsecEnableRadiusAccountRequestStart Enable sending of Accounting Request Start
message, including Framed IP address. (Default:
No)
IPsecXCBCFallbackToRFC3664 Enable fallback to XCBC RFC3664 if XCBC RFC4344
fails when using IKEv2. (Default: Yes)
IPsecDeleteSAOnIPValidationFailure Enable tunnel deletion when decrypted source IP
address doesn't match the remote net. (Default:
No)
IPsecSAKeepTime Number of seconds a SA will linger after a delete.
(Default: 3)
IKEDisableDPD Disable Dead Peer Detection in IKEv2. (Default: No)
IPsecForceRequireCookie Force requirement of cookies. Used for test
purposes only! (Default: No)
IPsecDisableCallingStationID Disable calling station ID and called station ID in
RADIUS messages. (Default: No)
IpsecUseClientCfgModeAttributes Use client requested subnet attributes for config
mode. (Default: No)
IPsecAllowIKEPortChange Allow port change to 4500 in IKE negotiation even
when no NAT is detected. (Default: No)
IPsecLogKeyMaterial Enable logging of IPsec key material. (Default: No)
IPsecESPDetectNATChange Use inbound ESP packets to detect that NAT
mappings have changed. (Default: Yes)
Note
This object type does not have an identifier and is identified by the name of the type
only. There can only be one instance of this type.
Chapter 3: Configuration Reference
223
To Next Page
Loading...
