D-Link DFL-800-AV-12 User Manual - Page 328
Chapter 13. Advanced Settings

13.13. IPsec Settings

IKESendInitialContact

Determines whether or not IKE should send the "Initial Contact" notification message. This message is sent to each remote gateway when a connection is opened to it and there are no previous IPsec SAs using that gateway.

Default: Enabled

IKESendCRLs

Dictates whether or not CRLs (Certificate Revocation Lists) should be sent as part of the IKE exchange. This should typically be set to ENABLE except where the remote peer does not understand CRL payloads.

Default: Enabled

IKECRLValidityTime

A CRL contains a "next update" field that dictates the time and date when a new CRL will be available for download from the CA. The time between CRL updates can be anything from a few hours upwards, depending on how the CA is configured. Most CA software allows the CA administrator to issue new CRLs at any time, so even if the "next update" field says that a new CRL is available in 12 hours, there may already be a new CRL for download.

This setting limits the time a CRL is considered valid. A new CRL is downloaded when IKECRLValidityTime expires or when the "next update" time occurs, whichever happens first.

Default: 90000

IKEMaxCAPath

When the signature of a user certificate is verified, NetDefendOS looks at the 'issuer name' field in the user certificate to find the CA certificate the certificate was signed by. The CA certificate may in turn be signed by another CA, which may be signed by another CA, and so on. Each certificate will be verified until one that has been marked trusted is found, or until it is determined that none of the certificates were trusted.

If there are more certificates in this path than what this setting specifies, the user certificate will be considered invalid.

Default: 15

IPsecCertCacheMaxCerts

Maximum number of certificates/CRLs that can be held in the internal certificate cache. When the certificate cache is full, entries will be removed according to an LRU (Least Recently Used) algorithm.

Default: 1024

IPsecBeforeRules

Pass IKE & IPsec (ESP/AH) traffic sent to NetDefendOS directly to the IPsec engine without consulting the rule set.

Default: Enabled
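
The issuer-name walk and path limit described under IKEMaxCAPath, as an added Python illustration that is not D-Link or NetDefendOS code. It models only the path logic (no signature or CRL checks); the Cert record, validate_path, build_chain and the assumption that the user certificate counts toward the path length are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:  # hypothetical record, not a real X.509 parser
    subject: str
    issuer: str            # 'issuer name' field used to find the signing CA
    trusted: bool = False  # marked trusted by the administrator

def validate_path(user_cert, store, max_ca_path=15):
    """Follow issuer names upward from user_cert through store (name -> Cert).

    Returns (ok, path). ok is True only when a trusted certificate is reached
    while the path holds no more than max_ca_path certificates.
    Assumption: the user certificate itself counts toward the path length.
    """
    path = [user_cert]
    current = user_cert
    while not current.trusted:
        issuer = store.get(current.issuer)
        # Unknown issuer, or an untrusted self-signed certificate: the walk
        # can never reach a trusted certificate.
        if issuer is None or issuer == current:
            return False, path
        path.append(issuer)
        # The limit also bounds the work when CAs are cross-signed in a loop.
        if len(path) > max_ca_path:
            return False, path
        current = issuer
    return True, path

def build_chain(n_intermediates):
    """Constructed sample data: trusted root, n intermediates, one user cert."""
    store = {"Root CA": Cert("Root CA", "Root CA", trusted=True)}
    parent = "Root CA"
    for i in range(n_intermediates):
        name = f"Intermediate CA {i + 1}"
        store[name] = Cert(name, parent)
        parent = name
    return Cert("vpn-user", parent), store

if __name__ == "__main__":
    user, store = build_chain(2)          # path: user, 2 intermediates, root
    for limit in (15, 4, 3):
        ok, path = validate_path(user, store, max_ca_path=limit)
        print(limit, ok, [c.subject for c in path])
```
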