3.72. IPsecTunnelSettings

Description

Settings for the IPsec tunnel interfaces used for establishing IPsec VPN connections to and from this system.

Properties

IPsecMaxTunnels
Number of IPsec tunnels allowed (0 = automatic). (Default: 0)
IPsecMaxRules
Number of IPsec rules allowed (0 = automatic). (Default: 0)
IKESendInitialContact
Send 'initial contact' messages. (Default: Yes)
IKESendCRLs
Send CRLs in the IKE exchange. (Default: Yes)
IKECRLValidityTime
Maximum number of seconds a CRL is considered valid (0 = obey the 'next update' field in the CRL). (Default: 86400)
IKEMaxCAPath
Maximum number of CA certificates in a certificate path. (Default: 15)
IPsecCertCacheMaxCerts
Maximum number of entries in the certificate cache. (Default: 1024)
IPsecBeforeRules
Pass IKE & IPsec (ESP/AH) traffic sent to the firewall directly to the IPsec engine without consulting the ruleset. (Default: Yes)
IPsecHardwareAcceleration
IPsec hardware acceleration. (Default: Coprocessor)
IPsecDisablePKAccel
Disable hardware acceleration for public-key operations. (Default: No)
AESNIEnable
Enable AES-NI acceleration for processors that support it. (Default: Yes)
IPsecXCBCFallbackToRFC3664
Enable fallback to XCBC RFC3664 if XCBC RFC4344 fails when using IKEv2. (Default: Yes)
IPsecDeleteSAOnIPValidationFailure
Enable tunnel deletion when the decrypted source IP address doesn't match the remote net. (Default: No)
IPsecSAKeepTime
Number of seconds an SA will linger after a delete. (Default: 3)
IPsecForceRequireCookie
Force requirement of cookies. Used for test purposes only! (Default: No)
IPsecDisableCallingStationID
Disable calling station ID and called station ID in RADIUS messages. (Default: No)
IpsecUseClientCfgModeAttributes
Use client requested subnet attributes for config mode. (Default: No)
IPsecAllowIKEPortChange
Allow port change to 4500 in IKE negotiation even when no NAT is detected. (Default: No)
IPsecESPDetectNATChange
Use inbound ESP packets to detect that NAT mappings have changed. (Default: Yes)
MSIPsecDupIPsecSA
Handling of duplicate non-rekey IKEv2 IPsec SAs for Microsoft clients. (Default: First)

Note
This object type does not have an identifier and is identified by the name of the type only. There can only be one instance of this type.