TMS zl Management and Configuration Guide ST.1.1.100226
A-134
Command-Line Reference
IPsec Policy Context
advanced
The TMS zl Module supports these advanced features:
■ IP compression
■ Extended sequence number
■ Re-key on sequence number overflow
■ Persistent tunnels
■ Fragmentation before IPsec
■ Customizable anti-replay window size
■ The copying of values from the original IP header
The following command allows you to enable (or disable) the IPsec policy’s
advanced settings.
Syntax: [no] advanced <advanced options>
You can specify any of the extended options shown in Table A-23, but you can
enter only one option at a time. Table A-23 also describes the feature associ-
ated with the option and indicates the default setting.
Use the no option to disable a feature. (You cannot use this option with the
anti-replay-win-size option, which sets the size for the anti-replay window,
which is always enabled.)
Table A-40. Advanced IPsec Policy Options
Extended Command Option Purpose Default setting
ip-compression enable Enables the TMS zl Module to compress IP
packets before encryption, which can help
to increase network performance.
Disabled
extended-seq-num enable Enables 64 bit sequence numbers to allow
up to 2
64
(18 quintillion) packets per SA.
Disabled
rekey-seq-number-overf enable Enables the TMS zl Module to automatically
renegotiate the SA before it reaches the last
sequence number.
Enabled
persistent-tunnel enable Enables a tunnel to always remain open,
even if it remains inactive longer than the
lifetime
Disabled
fragment-before-ipsec enable Enables the TMS zl Module to fragment
packets before encryption, helping the
remote tunnel endpoint process and
decrypt the packets more quickly
Enabled