17.1.1. IPSec General Settings

You can find the IPSec Settings at VPN → IPSec → Global Settings.

IPsec Global Settings

Enable Cisco Extension might be necessary to have multiple IPSec Phase 2 entries in IKEv1, if the remote side needs it.

Exclude LAN Network allows to exclude traffic from LAN subnet to LAN IP address from IPsec.

Replay Window Protection is the size of the AH/ESP replay window, in packets. Default is 2048. The replay window affects the performance.

Hardware Offload can be Auto or No. Default is Auto. If you have a Mellanox or Intel card with a compatible IPSec offload auto will detect and offload the connection. Logging

You can configure various logging settings. The three most important logging settings are

  • IKE SA

  • IKE SA Child

  • Configuration Backend

If you run into any configuration issues with IPSec, it is advisable to change the logging to DEBUG on those Settings. Under Advanced Settings you can configure more advanced logging settings.