3-34 Command Line Interface Commands Reference
cp { name index } ipsec
These commands allow you to specify or show the maximum period of time (in seconds) an IPsec tunnel endpoint should wait for the peer’s response to its earliest ping request. If the peer does not respond within this period, the tunnel is deemed to be a dead peer tunnel. The default is 90 seconds.
IPSec MTU Command
Beginning with Version 8.4 firmware, the Command Line Interface supports the following new Connection Profile configuration command:
IPSec MTU Connection Profile Command
cp [ name index ] ipsec mtu value
show cp [ name index ] ipsec mtu
These commands allow you to specify or show a manual maximum transmission unit (MTU) – also called Maximum Packet Size – parameter for the specified Connection Profile. The maximum value (also the default) is 1500, and the minimum is 100.
This is the starting value that is used for the MTU when the IPSec tunnel is installed. It specifies the maximum IP packet length for the encapsulated AH or ESP packets sent by the router. The MTU used on the IPSec connection is automatically adjusted based on the MTU value in any received ICMP "can't fragment" error messages that correspond to IPSec traffic initiated from the router. Normally, the MTU requires manual configuration only if these ICMP error messages are blocked or otherwise not received by the router.
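The adjustment described above can be modelled as follows. This is an added example, not the router firmware's code: it parses an ICMP "can't fragment" message (type 3, code 4, RFC 1191), accepts it only if it quotes an AH or ESP packet sent from the router, and lowers the tunnel MTU within the 100 to 1500 range. The function names, the sample addresses and the lower-only policy are assumptions.

```python
import struct

MTU_MIN, MTU_MAX = 100, 1500          # range stated for `ipsec mtu`
ROUTER_IP = bytes([192, 0, 2, 1])     # constructed tunnel endpoint address

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def next_hop_mtu(icmp: bytes, router_ip: bytes = ROUTER_IP):
    """Next-hop MTU from an ICMP type 3 code 4 message (RFC 1191) that quotes
    an AH/ESP packet sent by router_ip; None if the message does not qualify."""
    if len(icmp) < 8 + 20 or inet_checksum(icmp) != 0:
        return None                   # truncated or corrupted
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    quoted = icmp[8:28]               # IP header of the packet that was dropped
    if (icmp_type, code) != (3, 4) or quoted[9] not in (50, 51):  # ESP, AH
        return None
    if quoted[12:16] != router_ip:
        return None                   # not traffic initiated from the router
    return mtu or None                # 0 = pre-RFC 1191 router, no value given

def adjust_tunnel_mtu(current: int, icmp: bytes) -> int:
    """Assumed policy: only ever lower the MTU, and never below MTU_MIN."""
    reported = next_hop_mtu(icmp)
    if reported is None:
        return current
    return max(MTU_MIN, min(current, reported))

def build_sample(mtu: int, proto: int = 50, src: bytes = ROUTER_IP) -> bytes:
    """Constructed ICMP 'can't fragment' message quoting a 20-byte IP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0, 0x4000, 64, proto, 0,
                     src, bytes([198, 51, 100, 1]))
    body = ip + b"\x00" * 8
    csum = inet_checksum(struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + body)
    return struct.pack("!BBHHH", 3, 4, csum, 0, mtu) + body

if __name__ == "__main__":
    mtu = MTU_MAX                     # default starting value
    for reported in (1400, 1500, 60):
        mtu = adjust_tunnel_mtu(mtu, build_sample(reported))
        print(f"ICMP reports {reported:4d} -> tunnel MTU {mtu}")
```

Messages that fail the checksum, quote non-IPSec traffic, or quote a packet from another source leave the MTU unchanged, which is the behaviour a defender wants against forged ICMP errors aimed at shrinking the tunnel MTU.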