*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->Tru64 Unix man pages -> sys_attrs_ipsec (5)              



NAME    [Toc]    [Back]

       sys_attrs_ipsec - ipsec subsystem attributes

DESCRIPTION    [Toc]    [Back]

       This reference page lists and describes attributes for the
       Internet Protocol Security (ipsec) kernel subsystem. Refer
       to  the sys_attrs(5) reference page for an introduction to
       the topic of kernel subsystem attributes.

              A value that enables (1) or disables (0) the  ability
  of  IPsec  to intercept packets when ipsecd is
              not running. If  ipsecd  is  not  running  and  the
              attribute  is  enabled, packets will be dropped. By
              default, this attribute is enabled  when  IPsec  is
              started by using the normal startup procedures.

              Default value: 1 (enabled)

              Do  not modify this attribute unless you understand
              the security consequences for your system.  If  you
              disable  this  attribute,  you might send sensitive
              traffic without IPsec protection or receive traffic
              that should be blocked.

              A value that enables (1) or disables (0) a system's
              ability to pass traffic to and receive traffic from
              a  cluster  interconnect interface without Internet
              Protocol Security (IPsec) processing.

              Default value: 1 (enabled)

              We recommend that this attribute remain enabled. If
              you disable this attribute, you must then configure
              an IPsec policy to include the cluster interconnect
              addresses.  However, even with an IPsec policy configured,
 it is not possible to secure  all  cluster
              interconnect traffic with IPsec as the cluster generates
  traffic  before  the  security  policy   is
              started.  See  the  Network Administration: Connections
 manual for more information about configuring

              The time interval between updates of IPsec Security
              Association (SA) statistics by the kernel.  If  you
              have  a  very  large  number  of  SAs, increase the
              stats_update_interval value to reduce the  overhead
              of maintaining the statistics.

              Default value: 5 (seconds)

              Minimum value: 1

              Maximum value: 60

SEE ALSO    [Toc]    [Back]


       Network Administration: Connections

       System Configuration and Tuning

[ Back ]
 Similar pages
Name OS Title
ipsec_mgr Tru64 Manipulate the state of the IPsec subsystem
sys_attrs_bcm Tru64 bcm subsystem attributes
sys_attrs_emx Tru64 emx subsystem attributes
sys_attrs_ee Tru64 ee subsystem attributes
sys_attrs_dli Tru64 dli subsystem attributes
sys_attrs_lag Tru64 lag subsystem attributes
sys_attrs_net Tru64 net subsystem attributes
sys_attrs_tc Tru64 tc subsystem attributes
sys_attrs_isp Tru64 isp subsystem attributes
sys_attrs_isa Tru64 isa subsystem attributes
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service