Virtual Private Networks (VPN) IPsec
AnywhereUSB® Plus User Guide
578
n
never: Do not send oversized IKEmessages in fragments.
n
accept: Do not send oversized IKEmessages in fragments, but announce support
for fragmentation to the peer.
The default is always.
e. Padding of IKE packets is enabled by default and should normally not be disabled except
for compatibility purposes. To disable:
(config vpn ipsec tunnel ipsec_example)> ike pad false
(config vpn ipsec tunnel ipsec_example)>
f. Set the amount of time that the IKE security association expires after a successful
negotiation and must be re-authenticated:
(config vpn ipsec tunnel ipsec_example)> ike phase1_lifetime value
(config vpn ipsec tunnel ipsec_example)>
where value is any number of weeks, days, hours, minutes, or seconds, and takes the
format number{w|d|h|m|s}.
For example, to set phase1_lifetime to ten minutes, enter either 10m or 600s:
(config vpn ipsec tunnel ipsec_example)> ike phase1_lifetime 600s
(config vpn ipsec tunnel ipsec_example)>
The default is three hours.
g. Set the amount of time that the IKE security association expires after a successful
negotiation and must be rekeyed.
(config vpn ipsec tunnel ipsec_example)> ike phase2_lifetime value
(config vpn ipsec tunnel ipsec_example)>
where value is any number of weeks, days, hours, minutes, or seconds, and takes the
format number{w|d|h|m|s}.
For example, to set phase2_lifetime to ten minutes, enter either 10m or 600s:
(config vpn ipsec tunnel ipsec_example)> ike phase2_lifetime 600s
(config vpn ipsec tunnel ipsec_example)>
The default is one hour.
h. Set a randomizing amount of time before the IPsec tunnel is renegotiated:
(config vpn ipsec tunnel ipsec_example)> ike lifetime_margin value
(config vpn ipsec tunnel ipsec_example)>
where value is any number of weeks, days, hours, minutes, or seconds, and takes the
format number{w|d|h|m|s}.
For example, to set lifetime_margin to ten minutes, enter either 10m or 600s:
(config vpn ipsec tunnel ipsec_example)> ike lifetime_margin 600s
(config vpn ipsec tunnel ipsec_example)>
To Next Page
Loading...
Need help?
General