D-Link DFL-260E CLI Guide for DFL-260E - Page 177

3.52.9. IPsecTunnelSettings Chapter 3. Configuration Reference ICMPSendPerSecLimit SilentlyDropStateICMPErrors Maximum number of ICMP responses that will be sent each second. (Default: 500) Silently drop ICMP errors regarding statefully tracked open connections. (Default: Yes) Note This object type does not have an identifier and is identified by the name of the type only. There can only be one instance of this type. 3.52.9. IPsecTunnelSettings Description Settings for the IPsec tunnel interfaces used for establishing IPsec VPN connections to and from this system. Properties IPsecMaxTunnels IPsecMaxRules IKESendInitialContact IKESendCRLs IKECRLValidityTime IKEMaxCAPath IPsecCertCacheMaxCerts IPsecBeforeRules IPsecGWNameCacheTime DPDMetric FlowMetric IPsecDPDNoWaitWorryTime Amount of IPsec tunnels allowed (0 = automatic). (Default: 0) Amount of IPsec rules allowed (0 = automatic). (Default: 0) Send 'initial contact' messages. (Default: Yes) Send CRLs in the IKE exchange. (Default: Yes) Maximum number of seconds a CRL is considered valid (0=obey the 'next update' field in the CRL). (Default: 86400) Maximum number of CA certificates in a certificate path. (Default: 15) Maximum number of entries in the certificate cache. (Default: 1024) Pass IKE & IPsec (ESP/AH) traffic sent to the security gateway directly to the IPsec engine without consulting the ruleset. (Default: Yes) Amount of time to keep an IPsec tunnel open when the remote DNS name fails to resolve. (Default: 14400) Metric 10s of seconds with no traffic or other evidence of life in tunnel before SA is removed. (Default: 3) Minimum number of seconds without data traffic in a flow to activate IKE DPD liveness checks from the corresponding IKE SA. (Default: 15) Do not wait for 10 times the value of DPD Metric after the value of Flow Metric has expired without 177