17.1.3. IPSec Phase 2

Phase 2 entries can be created below the current Phase 1 entry.

Local Network is the network or address on the VT AIR that should be accessible from the remote side.

Remote Network is the network or address on the remote side that should be accessible from the VT AIR side.

IPSec Phase 2 Addresses

Each pair of Local <-> Remote Networks needs its own Phase 2 entry. In the background the system creates a mapping between the two networks in order to send their traffic through the IPSec tunnel.

Algorithms can be any mix of the available algorithms. You can add as many combinations as you like.

Lifetime must also match the remote side's lifetime.

IPSec Phase 2 Algorithms

Ping Check enables a ping check against an IP on the other side of the tunnel. Make sure that at least one of the IP addresses of the VT AIR is part of the Phase 2 network definition.

Ping IP Address is the remote IP address to ping (must be in the remote network range).

Ping Interval is the number of seconds between checks.

Ping Retries is the number of retries before the Phase 2 is disconnected and reconnected. If you set this value to 0, no disconnect/reconnect is performed on ping errors.

IPSec Phase 2 Ping Check


If you need custom behaviour on the ping check, a custom script can be added at the location /usr/local/bin/check_ipsec_custom. It receives two environment variables: PHASE2 with the Phase 2 name and RESULT with the ping result, where 0 is success and 1 is failure.
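
A sketch of such a hook, added here as an example and not VT AIR's own code: it counts consecutive failures per Phase 2 and writes a syslog line only when a tunnel goes down or recovers, validating PHASE2 before using it in a file name. It assumes the hook is called after every ping check and that logger is available; STATE_DIR, ALERT_AFTER and record_check are hypothetical names.

```shell
#!/bin/sh
# Added example for /usr/local/bin/check_ipsec_custom (not VT AIR's own code).
# Assumptions: the hook runs once per ping check; STATE_DIR, ALERT_AFTER and
# record_check are hypothetical names chosen for this sketch.
STATE_DIR="${STATE_DIR:-/var/run/ipsec_ping_state}"
ALERT_AFTER="${ALERT_AFTER:-3}"

# record_check PHASE2 RESULT -> prints one event word:
#   ok | recovered | failing | down | invalid
record_check() {
    phase2="$1"; result="$2"
    # PHASE2 becomes part of a file name: accept only a conservative charset
    # and no leading dot, so a crafted name cannot leave STATE_DIR.
    case "$phase2" in
        ''|*[!A-Za-z0-9_.-]*|.*) echo invalid; return 2 ;;
    esac
    # The page defines only 0 (success) and 1 (failure).
    case "$result" in
        0|1) ;;
        *) echo invalid; return 2 ;;
    esac
    mkdir -p "$STATE_DIR" || return 2
    file="$STATE_DIR/$phase2.fails"
    fails=0
    if [ -f "$file" ]; then read -r fails < "$file" || fails=0; fi
    case "$fails" in ''|*[!0-9]*) fails=0 ;; esac   # ignore a corrupt counter
    if [ "$result" -eq 0 ]; then
        echo 0 > "$file"
        if [ "$fails" -ge "$ALERT_AFTER" ]; then echo recovered; else echo ok; fi
    else
        fails=$((fails + 1))
        echo "$fails" > "$file"
        # Report "down" exactly once, when the threshold is first reached.
        if [ "$fails" -eq "$ALERT_AFTER" ]; then echo down; else echo failing; fi
    fi
}

# Entry point: only runs when the checker has set PHASE2 in the environment.
if [ -n "${PHASE2:-}" ]; then
    event=$(record_check "$PHASE2" "${RESULT:-}") || true
    case "$event" in
        down|recovered|invalid)
            logger -t check_ipsec_custom -p daemon.warning \
                "phase2=$PHASE2 result=${RESULT:-unset} event=$event" ;;
    esac
fi
```

Set ALERT_AFTER to the number of consecutive failed checks that should count as an outage; it is independent of the Ping Retries setting above.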