Index |
A unique index identifying this entry. |
Description |
An optional description for this profile. |
Proposal |
The index of the IPSec proposal used for this profile. |
PfsGroup |
The Diffie-Hellman group used for additional Perfect Forward Secrecy (PFS) DH exponentiations. Possible values:
-1: do not use PFS
0: use value from default profile (do not use PFS if this is the default profile)
1: a 768-bit MODP group
2: a 1024-bit MODP group
5: a 1536-bit MODP group
14: a 2048-bit MODP group
15: a 3072-bit MODP group
16: a 4096-bit MODP group |
LifeTime |
This object specifies an index in the ipsecLifeTimeTable. The usage of this object is deprecated; use the ipsecPrfLifeXxx variables directly instead. |
Heartbeats |
This object specifies whether heartbeats should be sent over phase 2 SAs for this profile. Possible values:
none(1): neither send nor expect heartbeats
expect(2): expect heartbeats
send(3): send heartbeats
both(4): send and expect heartbeats
default(5): use settings from peer or global profile (auto if this is the global profile)
auto(6): detect support using vendor ID (IKEv1 only) |
PmtuDiscovery |
This object specifies the PMTU discovery policy for this peer. Possible values:
disabled(1): do not perform PMTU discovery
enabled(2): perform PMTU discovery
default(3): use settings from peer or global profile (enabled if this is the global profile) |
Granularity |
This object specifies the granularity with which SAs are created with this profile. Possible values:
default(1): use granularity settings from default profile (coarse if this is the default profile)
coarse(2): create only one SA for each traffic entry
ip(3): create one SA for each host
proto(4): create one SA for each protocol and host
port(5): create one SA for each port and host |
KeepAlive |
This object specifies whether IKE SAs are rekeyed even if no data was transferred over them. Possible values:
true(1): rekey SAs even if no data was transferred
false(2): do not rekey SAs if no data was transferred
default(3): use value from default profile (false if this is the default profile)
delete(4): mark this entry for deletion |
VerifyPad |
This object is a compatibility option for older IPsec implementations. It enables or disables an old way of ESP padding (no self-describing padding). Possible values:
true(1): normal, self-describing ESP padding
false(2): old-style ESP padding
default(3): use setting from peer or global profile (true if this is the global profile) |
ForceTunnelMode |
This object specifies the strategy when transport mode is used. By default, the system always uses transport mode if possible. If this variable is set to true, tunnel mode is always used for this traffic entry, even if the source and destination addresses match the tunnel endpoints. Possible values:
true(1): use tunnel mode even if transport mode is possible
false(2): use transport mode whenever possible
default(3): use settings from default profile (if this is the default, false is assumed)
tp-greip(5): use transport mode with GRE encapsulation |
LifeSeconds |
The maximum time (in seconds) after which an SA will be deleted. |
LifeKBytes |
The maximum amount of data (in KB) which may be protected by an SA before it is deleted. |
LifeRekeyPercent |
The percentage of the lifetimes (traffic and time based) after which rekeying is started. |
LifePolicy |
This object specifies the way a lifetime proposal is handled. Possible values:
loose(1): accept and use anything proposed
strict(2): accept and use only what is configured
notify(3): accept anything; if own values are smaller than what was proposed, use these and send a responder lifetime notification
use_default_lifetime(4): use lifetime values from default profile |
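
Several fields above inherit from the default profile, so the configured value is not always the effective one. The following added example (not vendor code) resolves PfsGroup, Granularity, KeepAlive, ForceTunnelMode and the lifetime values through the default profile and flags settings worth review. The dict representation, the sample profiles, the 2048-bit threshold and treating a missing field as "inherit" are assumptions; fields that inherit from the peer or global profile (Heartbeats, PmtuDiscovery, VerifyPad) are not modelled.

```python
# Enumeration values are the ones listed in the table above.
PFS_BITS = {1: 768, 2: 1024, 5: 1536, 14: 2048, 15: 3072, 16: 4096}
MIN_DH_BITS = 2048  # assumption: local policy threshold, not stated on the page

# field -> (value meaning "inherit", value assumed if the default profile inherits too)
INHERIT = {
    "PfsGroup": (0, -1),        # 0 -> no PFS if this is the default profile
    "Granularity": (1, 2),      # default(1) -> coarse(2)
    "KeepAlive": (3, 2),        # default(3) -> false(2)
    "ForceTunnelMode": (3, 2),  # default(3) -> false(2)
}

def effective(profile, default):
    """Return a copy of profile with inherit markers replaced by effective values."""
    out = dict(profile)
    for field, (inherit, fallback) in INHERIT.items():
        if out.get(field, inherit) == inherit:  # assumption: missing == inherit
            dv = default.get(field, inherit)
            out[field] = fallback if dv == inherit else dv
    if out.get("LifePolicy") == 4:  # use_default_lifetime(4)
        for f in ("LifeSeconds", "LifeKBytes"):
            out[f] = default.get(f)
    return out

def audit(profile, default):
    """Return (effective profile, list of findings) for one profile."""
    eff = effective(profile, default)
    findings = []
    group = eff["PfsGroup"]
    if group == -1:
        findings.append("PFS disabled")
    elif PFS_BITS.get(group, 0) < MIN_DH_BITS:  # unknown groups are flagged too
        bits = PFS_BITS.get(group, "?")
        findings.append(f"PFS group {group} is {bits}-bit, below {MIN_DH_BITS}")
    if eff.get("LifePolicy") == 1:
        findings.append("LifePolicy loose(1): any proposed lifetime is accepted")
    return eff, findings

# Constructed sample profiles, not taken from a real device.
DEFAULT = {"Index": 1, "PfsGroup": 2, "Granularity": 1, "KeepAlive": 3,
           "ForceTunnelMode": 3, "LifePolicy": 2, "LifeSeconds": 7200, "LifeKBytes": 0}
BRANCH = {"Index": 2, "PfsGroup": 0, "Granularity": 3, "KeepAlive": 1,
          "ForceTunnelMode": 3, "LifePolicy": 1}

if __name__ == "__main__":
    for p in (DEFAULT, BRANCH):
        eff, findings = audit(p, DEFAULT)
        print(p["Index"], eff, findings)
```

Pass the default profile as both arguments to audit the default profile itself.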