HotBrick Network Solutions
Page 57
IPSec Policy options
Tunnel Attribute
The current tunnel attribute that you just set up.
Dead Peer Detection
If you would like to use one of the WAN ports as a backup, or plan to use
the failover function, you can enable the Dead Peer Detection function.
Set Options
NetBIOS Broadcast – This is used to forward NetBIOS broadcasts across the Internet.
Keep Alive – This helps to keep the IPSec connection tunnel up. If a dropped connection is detected, the tunnel can be re-established immediately.
Anti Replay – This keeps track of the order of IP packets to ensure packet-level security.
Passive mode – This means that your PC establishes the data connection. If you enable passive mode.
Check ESP Pad – If ESP (Encapsulating Security Payload) is enabled, this option checks the ESP padding.
Allow Full ECN – Enabling this option allows full Explicit Congestion Notification (ECN). ECN is a standard proposed by the IETF that will cut down on network congestion and routers dropping packets.
Copy DF Flag – When an IP packet is encapsulated as payload inside another IP packet, some of the outer header fields can be newly written, and others are determined by the inner header. Among these fields is the IP DF (don't fragment) flag. When the inner packet DF flag is clear, the outer packet may copy it or set it; however, when the inner DF flag is set, the outer header MUST copy it.
Set DF Flag – If this DF (Do not Fragment) flag is set, fragmentation of this packet at the IP level is not permitted.
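The DF rule described under Copy DF Flag and Set DF Flag, worked through on real IPv4 header bytes as an added example (not HotBrick code or firmware behaviour). The function names, the sample addresses and the single set_df switch are assumptions, and ESP overhead is left out of the outer length.

```python
import socket
import struct

DF = 0x4000      # DF bit inside the 16-bit flags/fragment-offset field
PROTO_TCP = 6
PROTO_ESP = 50

def df_is_set(ipv4_header: bytes) -> bool:
    """Read the DF bit from bytes 6-7 of an IPv4 header."""
    if len(ipv4_header) < 20 or ipv4_header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return bool(struct.unpack_from("!H", ipv4_header, 6)[0] & DF)

def checksum(header: bytes) -> int:
    """Ones-complement checksum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(src: str, dst: str, payload_len: int, proto: int, df: bool) -> bytes:
    """Build a 20-byte IPv4 header (no options, TTL 64) with a valid checksum."""
    words = [0x4500, 20 + payload_len, 0, DF if df else 0, (64 << 8) | proto, 0]
    hdr = struct.pack("!6H4s4s", *words, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def outer_df(inner_header: bytes, set_df: bool) -> bool:
    """Inner DF set: outer MUST copy it. Inner DF clear: copy (clear) or set."""
    return df_is_set(inner_header) or set_df

def encapsulate_header(inner_header: bytes, set_df: bool) -> bytes:
    """Outer tunnel header for an inner packet (gateway addresses are samples)."""
    inner_len = struct.unpack_from("!H", inner_header, 2)[0]
    return build_header("203.0.113.1", "198.51.100.1", inner_len, PROTO_ESP,
                        outer_df(inner_header, set_df))

# Constructed sample inner headers: one with DF clear, one with DF set.
INNER_CLEAR = build_header("192.168.1.10", "192.168.2.20", 100, PROTO_TCP, df=False)
INNER_SET = build_header("192.168.1.10", "192.168.2.20", 100, PROTO_TCP, df=True)

if __name__ == "__main__":
    for name, inner in (("inner DF clear", INNER_CLEAR), ("inner DF set", INNER_SET)):
        for set_df in (False, True):
            outer = encapsulate_header(inner, set_df)
            print(f"{name}, set_df={set_df}: outer DF={df_is_set(outer)}")
```

An outer packet with DF set cannot be fragmented in transit, so a tunnel that sets DF depends on path MTU discovery working end to end.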