User`s guide

188
Bring this tunnel up
This controls how the IPsec tunnel is brought up. The options are
All the time
Whenever a route to the destination is available
On demand
If the tunnel is down and a packet is ready to be sent
Defines the action that is performed when the IPsec tunnel is down and a packet needs to
be sent. The options are
Bring the tunnel up
Drop the packet
Send the packet without encryption and authentication
Bring this tunnel down if it is idle for h hrs m mins s secs
This parameter is used when the IPsec tunnel is configured to come up on demand and
defines how long the IPsec tunnel should remain up if there is no traffic is being sent on the
tunnel.
Renew the tunnel after
Defines the constraints of when the IPsec tunnel SA has to be renewed.
h hrs m mins s secs
Re-new the IPsec SA after the specified amount of time.
n units of traffic
Re-new the IPsec SA after the specified amount of traffic has been passed over the
tunnel.
The units can be Kbytes, Mbytes or Gbytes.
A value of 0 means that this parameter will not be used and SAs will expire and be
renewed based time, rather than amount of traffic.
Related CLI Commands
Entity
Instance
Parameter
Equivalent Web Parameter
eroute n descr String Description
eroute n peerip
IP address or
hostname
The IP address or hostname of the
remote unit
eroute n bakpeerip
IP address or
hostname
Use n as a backup unit
eroute n locip IP address IP Address (for Local LAN)
eroute n locmsk IP Mask IP Mask (for Local LAN)
eroute n locipifent blank, ETH, PPP
Use interface x,y
x = Interface type
eroute n locipifadd Integer
Use interface x,y
y = interface number
eroute n remip IP address IP Address (for Remote LAN)
eroute n remmsk IP Mask IP Mask (for Remote LAN)