ZyXEL Communications 4.04 Network Card User Manual


 
Chapter 16 IPSec Commands
ZyWALL (ZyNOS) CLI Reference Guide
Table 61 IPSec Commands (continued)

COMMAND: ipsec swSkipOverlapIp <on|off>
DESCRIPTION: Turn this on to send packets destined for overlapping local and remote IP addresses to the local network (you can access the local devices but not the remote devices). Turn this off to send packets destined for overlapping local and remote IP addresses to the remote network (you can access the remote devices but not the local devices).
M: R+B

COMMAND: ipsec swCfScan <on|off>
DESCRIPTION: Enables or disables content filtering for IPSec packets.
M: R+B

COMMAND: ipsec adjTcpMss <off|auto|user-defined-value>
DESCRIPTION: The TCP packets are larger after VPN encryption. Packets larger than a connection's MTU (Maximum Transmission Unit) are fragmented.
auto: Automatically set the Maximum Segment Size (MSS) of the TCP packets that are to be encrypted by VPN based on the encapsulation type. Recommended.
user-defined-value: If fragmentation issues are affecting your network's throughput performance, you can manually specify a smaller MSS (1~1460 bytes).
M: R+B

COMMAND: ipsec ha debug <on|off|runtime|spt>
DESCRIPTION: Controls whether the HA debugging information is displayed on the console. Use runtime or spt with the command to display runtime data or the data stored in the ZyWALL's non-volatile memory.
M: R+B

COMMAND: ipsec Drop <policy-index>
DESCRIPTION: Disconnects the specified tunnel.
M: R+B

COMMAND: ipsec swSkipPPTP <on|off>
DESCRIPTION: Set on to not forward PPTP packets to an IPSec tunnel.
M: R+B

COMMAND: ipsec initContactMode <tunnel|gateway>
DESCRIPTION: Enables initial contact based on tunnel or gateway mode. In gateway mode, the ZyWALL disconnects all tunnels behind the same NAT router after receiving an initial contact notification. In tunnel mode, in the same case, the ZyWALL disconnects just one tunnel.
M: R

COMMAND: ipsec pingCheckDropEnable <on|off>
DESCRIPTION: Turn this on to drop a tunnel if the number of VPN ping check packet retries reaches its limit, even when VPN HA is not enabled. Turn this off to have the device only do this when VPN HA is enabled.
M: R+B

COMMAND: ipsec pingPeriod <10-600>
DESCRIPTION: Sets how many seconds the ZyWALL waits for a reply to a VPN ping check before dropping the tunnel.
M: R+B

COMMAND: ipsec pingRetryCnt <1-10>
DESCRIPTION: Sets the number of retries for a VPN ping check.
M: R+B

COMMAND: ipsec swDevTri <on|off>
DESCRIPTION: Enables the ZyWALL to forward traffic from itself through a VPN tunnel. The traffic includes time zone update, AV/IDP signature updates, WAN connectivity ping checks, VPN connectivity ping checks, and remote management.
M: R+B
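
The size arithmetic behind the adjTcpMss entry above, as an added example (not from the ZyXEL guide, and not the calculation ZyNOS itself performs): it finds the largest MSS that avoids fragmentation and can be used to sanity-check a user-defined value. It assumes IPv4, ESP tunnel mode, CBC ciphers and a 96-bit HMAC; the constants and function names are the example's own.

```python
# Added example: ESP tunnel-mode size arithmetic (RFC 4303 layout), IPv4 only.
# These are standard protocol sizes, not values read from ZyNOS.
OUTER_IP = 20      # outer IPv4 header, no options
ESP_HDR = 8        # SPI (4) + sequence number (4)
ESP_TRAILER = 2    # pad length (1) + next header (1)
NAT_T_UDP = 8      # UDP encapsulation header when NAT traversal is in use
INNER_HDRS = 40    # inner IPv4 (20) + TCP (20), no options

# (cipher block size, IV size) for CBC ciphers; ICV size for 96-bit HMACs
CIPHERS = {"3des": (8, 8), "aes": (16, 16)}
ICV_HMAC_96 = 12

def esp_packet_size(inner_len, cipher, nat_t=False):
    """Size on the wire of an ESP tunnel packet carrying inner_len bytes."""
    block, iv = CIPHERS[cipher]
    # Payload + trailer is padded up to a multiple of the cipher block size.
    encrypted = -(-(inner_len + ESP_TRAILER) // block) * block
    return (OUTER_IP + (NAT_T_UDP if nat_t else 0) + ESP_HDR + iv
            + encrypted + ICV_HMAC_96)

def max_mss(mtu, cipher, nat_t=False):
    """Largest TCP MSS whose ESP-encapsulated segment still fits in mtu."""
    block, iv = CIPHERS[cipher]
    fixed = OUTER_IP + (NAT_T_UDP if nat_t else 0) + ESP_HDR + iv + ICV_HMAC_96
    room = mtu - fixed
    encrypted = room - room % block      # largest whole number of blocks
    mss = encrypted - ESP_TRAILER - INNER_HDRS
    if not 1 <= mss <= 1460:             # range the command accepts
        raise ValueError(f"MSS {mss} outside 1~1460 for MTU {mtu}")
    return mss

def fragments(mss, mtu, cipher, nat_t=False):
    """True if a full-size segment at this MSS exceeds mtu after encryption."""
    return esp_packet_size(mss + INNER_HDRS, cipher, nat_t) > mtu

if __name__ == "__main__":
    # Constructed sample links: Ethernet and PPPoE MTUs.
    for mtu, cipher, nat_t in [(1500, "3des", False), (1500, "aes", False),
                               (1500, "aes", True), (1492, "3des", False)]:
        mss = max_mss(mtu, cipher, nat_t)
        wire = esp_packet_size(mss + INNER_HDRS, cipher, nat_t)
        print(f"MTU {mtu} {cipher:4} NAT-T={nat_t!s:5} -> MSS {mss}, wire {wire}")
    print("MSS 1460 fragments at MTU 1500 (3DES):", fragments(1460, 1500, "3des"))
```

An unclamped 1460-byte MSS produces a 1552-byte ESP packet on a 1500-byte link, which is the fragmentation the entry describes.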