Set shared items of [IPsec Policy].
The settings of common items are applied to all groups.
Setting item | Description |
---|---|
[Cookies] | Configure settings that enable Cookie. Cookie is only applied to the IPsec transmission that uses IKEv2. |
[ICMP Pass Settings] | Configure settings to pass ICMP packets without applying IPsec to ICMP (Internet Control Message Protocol). |
[ICMPv6 Pass Settings] | Configure settings to pass ICMPv6 packets without applying IPsec to ICMPv6 (Internet Control Message Protocol for IPv6). |
[default action] | Set the operation when there is no setting that matches [IPsec Policy] when IPsec communication is enabled. Select [Deny] if you want to discard IP packets that do not match the [IPsec Policy] settings. |
[Expiration Date] | Configure settings to check if the certificate is within the expiration date. Set to [Confirm] if you want to enhance the certificate verification. |
[Key Usage] | Configure settings to confirm that the certificate is used according to the intended use approved by the certificate issuer. Set to [Confirm] if you want to enhance the certificate verification. |
[Chain] | Configure settings to check whether there are any problems in the certificate chain (certificate path). Set to [Confirm] if you want to enhance the certificate verification. To confirm the chain (certificate path), refer to the external certificate managed in the system. For details, refer to [External Certificate Setting]. |
[Expiration Date Confirmation] | Configure settings to confirm whether the certificate is valid. Set to [Confirm] if you want to enhance the certificate verification. |
[Dead Peer Detection] | Set the time until the existence confirmation is sent to the IPsec communication partner by increasing or decreasing by 15 seconds when there is no response from the IPsec communication partner. Range: [15 sec.] to [120 sec.] Deletes the SA (Security Association) with the communication partner when there is no response to the existence confirmation. |