7: Networking
EMG™ Edge Management Gateway User Guide 125
Mode Config: In remote access scenarios, it is highly desirable to be able to push
configuration information, such as the private IP address and a DNS server's IP
address, to the client. This option defines which mode is used:
pull, where the config is pulled from the peer (the default), or push, where
the config is pushed to the peer. Push mode is not supported with IKEv2.
Force Encapsulation: In some cases, for example when ESP packets are filtered or when a
broken IPsec peer does not properly recognise NAT, it can be useful to
force RFC 3948 encapsulation.
Dead Peer Detection: Sets the delay (in seconds) between Dead Peer Detection (RFC 3706)
keepalives (R_U_THERE, R_U_THERE_ACK) that are sent for the tunnel
(default 30 seconds). Dead Peer Detection can also be disabled.
Dead Peer Detection Timeout: Sets the length of time (in seconds) the EMG will idle without hearing either
an R_U_THERE poll from the peer, or an R_U_THERE_ACK reply. The
default is 120 seconds. After this period has elapsed with no response and
no traffic, the EMG will declare the peer dead, remove the Security
Association (SA), and perform the action defined by Dead Peer Detection
Action.
Dead Peer Detection Action: The action that is taken when a Dead Peer Detection
enabled peer is declared dead. Hold (the default) means the tunnel will be put into a hold
status. Clear means the Security Association (SA) will be cleared. Restart
means the SA will immediately be renegotiated.
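
The way the delay, timeout and action settings above combine can be seen in a small timing model. This is an added example, not code from the EMG guide or firmware; the function simulate_dpd, its one-second tick, its timeout-versus-delay sanity check and the sample timelines are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Outcomes per Dead Peer Detection Action, as described in the table above.
ACTIONS = {"hold": "tunnel put into hold status",
           "clear": "SA cleared",
           "restart": "SA renegotiated immediately"}

@dataclass
class DpdResult:
    declared_dead_at: Optional[int]  # second at which the peer is declared dead
    probes_sent: List[int]           # seconds at which R_U_THERE was sent
    outcome: str

def simulate_dpd(heard: Iterable[int], end: int, delay: int = 30,
                 timeout: int = 120, action: str = "hold",
                 enabled: bool = True) -> DpdResult:
    """Simplified model: tunnel comes up at t=0; `heard` lists the seconds at
    which anything (traffic, R_U_THERE, R_U_THERE_ACK) arrived from the peer."""
    if action not in ACTIONS:
        raise ValueError(f"unknown action: {action}")
    if not enabled:
        return DpdResult(None, [], "DPD disabled: a dead peer is never detected")
    if timeout <= delay:
        # Model's own sanity check: no probe could go unanswered before expiry.
        raise ValueError("timeout must be longer than delay")
    heard_at = set(heard)
    last_heard = last_activity = 0
    probes: List[int] = []
    for t in range(1, end + 1):
        if t in heard_at:                  # peer is alive, reset both timers
            last_heard = last_activity = t
        elif t - last_heard >= timeout:    # silent for the whole timeout
            return DpdResult(t, probes, ACTIONS[action])
        elif t - last_activity >= delay:   # idle for `delay`: send a keepalive
            probes.append(t)
            last_activity = t
    return DpdResult(None, probes, "peer still considered alive")

if __name__ == "__main__":
    # Constructed timeline: peer last heard at t=45, then goes silent.
    print(simulate_dpd([10, 20, 45], end=300))
    print(simulate_dpd([10, 20, 45], end=300, delay=10, timeout=30,
                       action="restart"))
```

In this model, with the default 30/120 second values a peer that goes silent at t=45 is declared dead at t=165, after three unanswered keepalives; shortening both values to 10/30 brings detection forward to t=75.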