CONFIG IPSEC UPDATE

Level

vpn+modify

History

Appears in Netasq 9 0 0
CRLrequired appears in Netasq 9 0 1
cfg_domain appears in Netasq 9 0 1
DoSProtection appears in 2 3 0
CookieThreshold appears in 2 3 0
BlockThreshold appears in 2 3 0
RetransmitTries appears in 2 3 0
RetransmitTimeout appears in 2 3 0
RetransmitBase appears in 2 3 0
MakeBeforeBreak appears in 3 0 0
NATKeepalive appears in 3 0 0
FragmentSize appears in 3 2 0
IKEDaemon appears in 3 3 0
CheckDuplicatePh1 appears in 4 0 0
CryptoLoadBalance appears in 2 7 3
CryptoLoadBalance can be auto in 4 2 0
IKEDaemon removed in 4 2 0
retry removed in 4 2 0
interval removed in 4 2 0
ph1delay removed in 4 2 0
ph2delay removed in 4 2 0
bindall removed in 4 2 0
PMTUD appears in 4 3 0

Description

Update global information about a slot

Usage

slot=<1-10> [cfg_dns=<host>] [cfg_domain=<domain1,domain2, >] [useoldsa=<0|1>] [certNID=<num>] [LdapField=<str>] [CRLrequired=<0|1>] [UACServCert=<0|1>] [DoSProtection=<0|1>] [CookieThreshold=<num>] [BlockThreshold=<num>] [RetransmitTries=<num>] [RetransmitTimeout=<num>] [RetransmitBase=<float>] [MakeBeforeBreak=<0|1>] [NATKeepalive=<num>] [FragmentSize=<num>] [BypassLocalTraffic=<0|1>] [global=<0|1>] [CheckDuplicatePh1=<0|1>] [CryptoLoadBalance=<0|1|auto>] [PMTUD=<0|1|2>]
- cfg_domain: 32 domains max
- RetransmitBase: min is 1
- NATKeepalive: period in seconds between keepalive packets when NAT is detected (0 to disable)
- FragmentSize: min is 512
- BypassLocalTraffic: set to 1 to generate a bypass policy for each local IP addresses that are included in the remote IP addresses
- CRLRequired: certificate is checked with OCSP if available and CRL if needed If all checks failed, no tunnel is negociated
- CheckDuplicatePh1: each time a phase1 is up on StrongSwan, we check if an old one should be deleted
- CryptoLoadBalance: 0 to disable load balancing, 1 to enable, auto to let SNS choose
- PMTUD: 0 to disable IPsec DF bit, 1 to force DF bit, 2 to set DF bit only if clear packet has DF bit set

Example

CONFIG IPSEC UPDATE slot=01 dnscfg=host5