Ipsec Advanced Settings - D-Link NetDefendOS User Manual

1. Go to: Network > Interfaces and VPN > IPsec
2. Select the tunnel my_ipsec_tunnel1
3. Enter the following under Tunnel Monitor:
• Enable the Tunnel Monitor option
• Monitored IP: 203.0.11.5
• Max Loss: 5
4. Click OK

9.4.9. IPsec Advanced Settings

The following NetDefendOS advanced settings are global settings that will apply to all IPsec
tunnels. They can be found in the Web Interface by going to: Network > Interfaces and VPN >
IPsec > Advanced Settings.
General Settings (IKEv1 and IKEv2)
IPsec DS Field
The IPsec DS Field This setting is specified on a per tunnel value. The value specified is copied
into the Differentiated Service Field in the outer IP header of ESP packets sent by NetDefendOS as
part of the IPsec tunnel. In other words, no matter what the DS field value of the inner ESP
packets being carried by the tunnel, this value will replace it.
If no value is specified (the default) then the DSF value of the tunnel's inner packets will be
copied into the outer header of the tunnel's outbound ESP packets.
The DS field value is part of the DiffServ architecture and specifies a Quality of Service (QoS)
requirement for the traffic as it passes through other devices such as routers. Diffserv is discussed
further in Section 10.1, "Traffic Shaping".
IPsec Max Rules
This specifies the total number of IP rules that can be connected to IPsec tunnels. By reducing the
number of rules, memory requirements can be reduced but making this change is not
recommended.
Default: Depends on the hardware model
IPsec Max Tunnels
Specifies the total number of IPsec tunnels allowed. The setting is used by NetDefendOS to
allocate memory for IPsec. If it is desirable to have less memory allocated for IPsec then this
setting can be reduced. Increasing the setting cannot override the limit of the hardware model.
A warning log message is generated automatically when 90% of this setting's value is reached.
723
Chapter 9: VPN