7: Networking
EMG™ Edge Management Gateway User Guide 125
Mode Config In remote access scenarios, it is highly desirable to be able to push 
configuration information such as the private IP address, a DNS server's IP 
address, and so forth, to the client. This option defines which mode is used: 
pull where the config is pulled from the peer (the default), or push where 
the config is pushed to the peer. Push mode is not supported with IKEv2.
Force Encapsulation In some cases, for example when ESP packets are filtered or when a 
broken IPsec peer does not properly recognise NAT, it can be useful to 
force RFC-3948 encapsulation.
Dead Peer Detection Sets the delay (in seconds) between Dead Peer Detection (RFC 3706) 
keepalives (R_U_THERE, R_U_THERE_ACK) that are sent for the tunnel 
(default 30 seconds). Dead Peer Detection can also be disabled.
Dead Peer Detection 
Timeout
Sets the length of time (in seconds) the EMG will idle without hearing either 
an R_U_THERE poll from the peer, or an R_U_THERE_ACK reply. The 
default is 120 seconds. After this period has elapsed with no response and 
no traffic, the EMG will declare the peer dead, remove the Security 
Association (SA), and perform the action defined by Dead Peer Detection 
Action.
Dead Peer Detection Action When a Dead Peer Detection enabled peer is declared dead, the action that 
should be taken. Hold (the default) means the tunnel will be put into a hold 
status. Clear means the Security Association (SA) will be cleared. Restart 
means the SA will immediately be renegotiated.