The specific behavior depends on the "Start state" and "Dead-peer detection" parameters. The
fastest transition occurs if the "Start state" parameter is set to "Start" value.
■ IPsec
IPsec
List box: On, Off
Default = Off
IPsec system turning On/Off
Make-before-break
List box: On, Off
Default = Off
This parameter is valid for all IKE SA using IKEv2 with re-authentication. A temporary connection
break during IKE_SA re-authentication is suppressed by this parameter. This function may not
operate correctly with some IPsec implementations (on peer side).
■ IPsec associations
Every line in the table represents one IKE SA. There can be a maximum of 8 active IKE SA (limited
by system resources).
The "Peer ID" is a unique identifier of the IKE SA serving as a link between CHILD SA ("Traffic se-
lectors" table) and PSK.
IKE version
List box: IKEv1, IKEv2
Default = IKEv2
IKE version selection. The IKE peer must use the same version.
Peer address
Default = 0.0.0.0
IKE peer IP address.
Local ID
IP address or FQDN (Fully Qualified Domain Name) is used as the Local side identification. It
must be same as "Peer ID" of the IKE peer.
Peer ID
IP address or FQDN (Fully Qualified Domain Name) is used as the IKE peer identification. It
must be same as "Local ID" of the IKE peer. The "Peer ID" must be unique in the whole table.
Note
You may add a note to each tunnel with your comments up to 16 characters (UTF8 is supported)
for your convenience. Following characters are not allowed:
" (Double quote)
` (Grave accent)
\ (Backslash)
$ (Dollar symbol)
; (Semicolon)
Active
Default = On
When disabled the related IKE SA and all associated CHILD SA are disabled.
167© RACOM s.r.o. – RipEX Radio modem & Router
Advanced Configuration
To Next Page
Loading...
