Advanced Setup
This screen is used to set the advanced options for the IPsec service.
The advanced options consist of:
● Unique Ids: whether a particular participant ID should be kept unique, with any new (automatically keyed) connection using an ID from a different IP address deemed to replace all old ones using that ID; acceptable values are yes and no (the default).
● Override Default MTU Value: Allows you to specify the MTU (Maximum Transmission Unit) of the IPsec interface.
● NAT Traversal: An IPsec tunnel cannot go through a NAT box because the NAT box wants to update the IP addresses inside the encrypted data and it doesn't have the key. Even IPsec transport mode has problems: the IP address is included in the computation of the TCP or UDP checksum, and the NAT box cannot correct the checksum because it is encrypted. NAT boxes sometimes make multiple computers appear at the same IP address by assigning each a subset of the TCP and UDP port ranges. This technique also fails for IPsec traffic because IPsec encrypts the port information.
NAT traversal enables IPsec to be used through NAT boxes by encapsulating IPsec packets inside UDP packets.
● Strict CRL Policy: If enabled, any peer certificate that has no CRL available is rejected.
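The checksum problem described under NAT Traversal, and the UDP wrapper that avoids it, as an added example (not part of the product or its documentation). The addresses, ports and ESP bytes are constructed sample values, and the port 4500 and zero UDP checksum follow RFC 3948 rather than anything stated on this page.

```python
import socket
import struct

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def tcp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Checksum over the IPv4 pseudo-header (addresses, protocol 6, length) and segment."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, 6, len(segment)))
    return ~ones_complement_sum(pseudo + segment) & 0xFFFF

def build_segment(src_ip: str, dst_ip: str, payload: bytes) -> bytes:
    """Minimal 20-byte TCP header plus payload, checksum filled in by the sender."""
    header = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    csum = tcp_checksum(src_ip, dst_ip, header + payload)
    return header[:16] + struct.pack("!H", csum) + header[18:] + payload

def checksum_valid(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """Receiver-side check: a segment carrying a correct checksum recomputes to 0."""
    return tcp_checksum(src_ip, dst_ip, segment) == 0

def udp_encapsulate(esp_packet: bytes, sport: int = 4500, dport: int = 4500) -> bytes:
    """Wrap an ESP packet in a UDP header (RFC 3948: port 4500, checksum sent as zero)."""
    return struct.pack("!HHHH", sport, dport, 8 + len(esp_packet), 0) + esp_packet

if __name__ == "__main__":
    # Constructed sample addresses: host behind the NAT, NAT public side, remote peer.
    inside, outside, peer = "10.0.0.5", "203.0.113.7", "198.51.100.20"
    seg = build_segment(inside, peer, b"hello")
    print("checksum valid as sent:         ", checksum_valid(inside, peer, seg))
    # The NAT rewrites the source address. For cleartext TCP it would also patch
    # the checksum; inside ESP transport mode the segment is ciphertext, so the
    # stale checksum reaches the peer and fails against the translated address.
    print("checksum valid after NAT rewrite:", checksum_valid(outside, peer, seg))
    # With NAT traversal the NAT sees an ordinary UDP datagram: cleartext ports it
    # can remap per host, and a zero checksum that needs no correction.
    esp = struct.pack("!II", 0x1000, 1) + bytes(32)  # constructed SPI, sequence, ciphertext
    sport, dport, length, csum = struct.unpack("!HHHH", udp_encapsulate(esp)[:8])
    print(f"UDP wrapper: {sport}->{dport} length={length} checksum={csum}")
```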