Edimax Technology ER-1088 User Manual
Page 64
passes - a Detection packet is sent to the peer.
• Retry Times – The number of times a device will attempt to send the
Detection packet before the Check After Idle time expires.
• Action – This will execute one of the following actions after the
Detection is determined:
Failover - ignores the dead tunnel.
Remove Tunnel - disconnects the dead tunnel.
Keep Tunnel Alive - attempts to keep the tunnel alive.
• Logging – If set to Enable, all DPD activity of will show up in the
VPN log.
Options
• NetBIOS Broadcast – This option is used to forward NetBIOS
packets across the Internet from remote side to local side and vice
versa. When enabled, the remote side computer can be reached by
a host name.
• Auto Triggered – If set to Enable, a device will automatically
attempt to connect the remote VPN gateway without any user input.
• Anti Replay – This ensures that IP packet-level security is kept
track of in order.
• Passive (Responder) Mode – When enabled, the tunnel state will
remain idle until an attempt is made to connect to the remote side.
This setting will override the Auto Triggered option.
• Check ESP Pad – If set to Enable, a device will check the ESP
(Encapsulating Security Payload) padding of each packet. ESP is a
key protocol in the IPSec architecture which is designed to provide
a mix of security services in IPv4 and IPv6.
• Allow Full ECN – If set to Enable, it will allow full Explicit
Congestion Notification (ECN). ECN is a standard proposed by the
IETF that will minimizes congestion on a network and prevent the
gateway from dropping data packets.
• Copy DF Flag – When an IP packet is encapsulated as payload
inside another IP packet, some of the outer header fields can be
newly written while others are determined by the inner header.
Among these fields is the IP DF (Do not Fragment) flag. When the
inner packet DF flag is clear, the outer packet may copy it or set it.
However, when the inner DF flag is set, the outer header MUST
copy it.
• Set DF Flag- If the DF (Do not Fragment) flag is set; it means that
the fragmentation of this packet at the IP level is not permitted.
Page 60