rtr
RtrIPSecTunnel



public class RtrIPSecTunnel

Stats:
rtr.IPSecTunnelStats

Properties
adminState This specifies the administrative state of the tunnel.

type=netw.AdministrativeState
default=tmnxOutOfService
Displayed(tab/group)=Administrative State (States)

autoEstablish Specifies whether to attempt to establish a phase 1 exchange automatically.

type=boolean
default=false
Displayed(tab/group)=Auto-Establish (Dynamic Keying)

bfdDesignate The Designated parameter specifies whether the IPsec tunnel is the designated BFD tunnel.

type=boolean
default=false
Displayed(tab/group)=Designated (BFD)

bfdEnable The Enabled parameter specifies whether to create a BFD object for the IPsec tunnel.

type=boolean
default=false
Displayed(tab/group)=Enabled (BFD)

certProfileName

type=string
default=
Displayed(tab/group)=Certificate Profile (Dynamic Keying/Certificate)

clearDfBit This specifies whether to clear the Do Not Fragment (DF) bit in the outgoing packets in this tunnel.

type=boolean
default=false
Displayed(tab/group)=Clear Do-Not-Fragment Bit (/IP Fragmentation)

copyTrafficClass When set to true, DSCP/ECN (IPv4) or traffic class (IPv6) is copied from the outer IP header to the inner IP header after decapsulation.

type=boolean
default=false
Displayed(tab/group)=Copy Traffic Class Upon Decapsulation

creationOrigin

type=svt.L2RouteOriginType
access=read-create
default=manual

defaultResult This specifies the default result when both the primary and secondary methods fail to provide an answer.

type=ipsec.DefaultResultVal
default=revoked
Displayed(tab/group)=Default Result (Dynamic Keying/Certificate Status Verification)

description Specifies the user-provided description for the tunnel.

type=string
default=
minimum=0
maximum=80
Displayed(tab/group)=Description

dynamicKeyTransformId1 The Transform ID 1 parameter specifies the IPsec transform policy that is associated with the IPsec tunnel.

type=long
default=0
minimum=0
maximum=2048
Displayed(tab/group)=Transform ID 1 (Dynamic Keying)

dynamicKeyTransformId2 The Transform ID 2 parameter specifies the IPsec transform policy that is associated with the IPsec tunnel.

type=long
default=0
minimum=0
maximum=2048
Displayed(tab/group)=Transform ID 2 (Dynamic Keying)

dynamicKeyTransformId3 The Transform ID 3 parameter specifies the IPsec transform policy that is associated with the IPsec tunnel.

type=long
default=0
minimum=0
maximum=2048
Displayed(tab/group)=Transform ID 3 (Dynamic Keying)

dynamicKeyTransformId4 The Transform ID 4 parameter specifies the IPsec transform policy that is associated with the IPsec tunnel.

type=long
default=0
minimum=0
maximum=2048
Displayed(tab/group)=Transform ID 4 (Dynamic Keying)

encapsulatedIpMtu This specifies the MTU size for IP packets after tunnel encapsulation has been added. The range is 0 or between 512 and 9000. When a value of zero (0) is specified, it indicates the maximum supported MTU size on the SAP for this tunnel.

type=long
default=0
minimum=0
maximum=9000
units=Octets
Displayed(tab/group)=Encapsulated IP MTU (/IP Fragmentation)

gwAddressType Specifies the type of address in tmnxIPsecTunnelLclGwAddr.

type=rtr.InetAddressType
default=ipv4
Displayed(tab/group)=Local Gateway Address Type (/Tunnel Endpoints)

gwIpAddress Specifies the address of the interface on the remote node of this IPsec tunnel.

type=InetAddress
default=0.0.0.0
Displayed(tab/group)=Local Gateway Address (/Tunnel Endpoints)

icmp6NumPkt2Big This specifies how many packet-too-big ICMPv6 messages are issued.

type=long
default=100
minimum=10
maximum=1000
Displayed(tab/group)=Number of Messages (/ICMPv6 Message Generation)

icmp6Pkt2Big This specifies whether packet-too-big ICMP messages should be sent.

type=boolean
default=true
Displayed(tab/group)=Packet-Too-Big Messages Enabled (/ICMPv6 Message Generation)

icmp6Pkt2BigTime This specifies the time frame in seconds that is used to limit the number of packet-too-big ICMPv6 messages issued per time frame.

type=long
default=10
minimum=1
maximum=60
units=seconds
Displayed(tab/group)=Message Time Frame (/ICMPv6 Message Generation)

icmpFragReq Specifies whether or not 'Fragmentation required and DF flag set' ICMP messages should be sent. If icmpFragReq is not enabled, both icmpFragReqNum and icmpFragReqTime values are set to default.

type=boolean
default=true
Displayed(tab/group)=Fragmentation Messages Enabled (/ICMP Message Generation)

icmpFragReqNum Specifies how many 'Fragmentation required and DF flag set' ICMP messages are transmitted in the time frame specified by icmpFragReqTime.

type=long
default=100
minimum=10
maximum=1000
Displayed(tab/group)=Number of Messages (/ICMP Message Generation)

icmpFragReqTime Specifies the time frame in seconds that is used to limit the number of 'Fragmentation required and DF flag set' ICMP messages transmitted per time frame.

type=int
default=10
minimum=1
maximum=60
units=seconds
Displayed(tab/group)=Message Time Frame (/ICMP Message Generation)

ikePolicyId The IKE Policy parameter specifies the IKE policy that is associated with the IPsec tunnel.

type=long
default=0
minimum=0
maximum=2048
Displayed(tab/group)=IKE Policy (Dynamic Keying)

interfaceId

type=long
access=read-only
default=0
Displayed(tab/group)=Interface ID (/Interface)

interfaceName

type=string
access=read-only
default=
maximum=252
Displayed(tab/group)=Interface Name (/Interface)

ipMtu This specifies the MTU size for IP packets for this tunnel. The range is 0 or between 512 and 9000. When a value of zero (0) is specified, it indicates the maximum supported MTU size on the SAP for this tunnel.

type=long
default=0
minimum=0
maximum=9000
units=Octets
Displayed(tab/group)=Configured IP MTU (/IP Fragmentation)

keying Specifies the keying type that this tunnel will use.

type=ipsec.KeyingType
Displayed(tab/group)=Keying

localIdType Specifies the Local ID used for IDi or IDr for IKEv2 tunnels.

type=ipsec.LocalIDTypeOption
default=none
Displayed(tab/group)=Type (Dynamic Keying/Local ID)

localIdValue Specifies the value associated with Local ID Type.

type=string
default=
minimum=0
maximum=255
Displayed(tab/group)=Value (Dynamic Keying/Local ID)

matchTrustAnchor

type=string
access=read-only
default=
Displayed(tab/group)=Match Trust Anchor (Dynamic Keying/Certificate)

maxNumPh1SaKeys This specifies the maximum number of security association (SA) phase 1 keys, which can be saved by the system for this IPsec tunnel.

type=int
default=0
minimum=0
maximum=3
Displayed(tab/group)=Phase 1 (/Max Num of Keys)

maxNumPh2SaKeys This specifies the maximum number of security association (SA) phase 2 keys, which can be saved by the system, for this IPsec tunnel.

type=int
default=0
minimum=0
maximum=48
Displayed(tab/group)=Phase 2 (/Max Num of Keys)

operationalFlags Indicates the reason why the tunnel is operationally down.

type=ipsec.TunnelOperFlagsType
access=read-only
Displayed(tab/group)=Operational Flags (States)

operationalState This indicates the operational status of the tunnel.

type=netw.OperationalState
access=read-only
default=unknown
Displayed(tab/group)=Operational State (States)

pMtuDiscoveryAging Specifies the number of seconds used to age out the learned MTU, which is obtained through path MTU discovery.

type=long
default=900
minimum=900
maximum=3600
units=seconds
Displayed(tab/group)=Path MTU Aging Time (/IP Fragmentation)

preSharedKey Specifies the shared secret between the two peers forming the tunnel. The value of tmnxIPsecTunnelIkePreSharedKey is a valid and non null string only if the value of tmnxIPsecTunnelKeyingType is 'dynamic'.

type=string
default=
minimum=0
maximum=64
Displayed(tab/group)=Pre-shared key (Dynamic Keying)

primary This specifies the primary method used to verify revocation status of the peer's certificate.

type=ipsec.PrimaryVal
default=crl
Displayed(tab/group)=Primary (Dynamic Keying/Certificate Status Verification)

privateSap Specifies the SAP encapsulation value.

type=int
access=read-create
default=0
minimum=0
maximum=4094
Displayed(tab/group)=Private Sap Encapsulation

privateSvcId Specifies the private service ID of this tunnel.

type=long
access=read-only
default=0

privateSvcName Specifies the private service name of this tunnel.

type=string
default=

privateTcpMssAdjust Specifies the Maximum Segment Size (MSS) for the TCP traffic in an IPsec tunnel which is sent from the private network to the public network. The system may use this value to adjust or insert the MSS option in the TCP SYN packet. Valid values (-1|512..9000). The value of '-1' specifies that the TCP MSS adjustment functionality on the private side is disabled.

type=long
default=-1
minimum=-1
maximum=9000
Displayed(tab/group)=Private (/TCP MSS Adjust)

propogatePMtuV4 Specifies whether or not to propagate a path MTU to IPv4 hosts.

type=boolean
default=true
Displayed(tab/group)=Propogate Path MTU IPv4 (/IP Fragmentation)

propogatePMtuV6 Specifies whether or not to propagate a path MTU to IPv6 hosts.

type=boolean
default=true
Displayed(tab/group)=Propogate Path MTU IPv6 (/IP Fragmentation)

publicTcpMssAdjust Specifies the Maximum Segment Size (MSS) for the TCP traffic in an IPsec tunnel which is sent from the public network to the private network. The system may use this value to adjust or insert the MSS option in the TCP SYN packet. Valid values (-1|0|512..9000).

The TCP MSS adjustment functionality on the public side network is disabled when either of the following conditions is met:
1) The value of publicTcpMssAdjust is '-1'.
2) The values of publicTcpMssAdjust and encapsulatedIpMtu are both '0'.

The new MSS is calculated based on the following rules:
1) When the value of publicTcpMssAdjust is '0' (auto) and encapsulatedIpMtu has a non-zero value, New MSS = encapsulatedIpMtu - total header size (e.g., encryption, encapsulation, TCP and IP headers).
2) When the value of publicTcpMssAdjust is in the range of (512..9000), New MSS = publicTcpMssAdjust.

type=long
default=-1
minimum=-1
maximum=9000
Displayed(tab/group)=Public (/TCP MSS Adjust)

remoteAddressType Specifies the address of the interface on the remote node of this IPsec tunnel.

type=rtr.InetAddressType
default=ipv4
Displayed(tab/group)=Remote Gateway Address Type (/Tunnel Endpoints)

remoteIpAddress Specifies the address of the interface on the remote node of this IPsec tunnel.

type=InetAddress
default=0.0.0.0
Displayed(tab/group)=Remote Gateway Address (/Tunnel Endpoints)

replayWindow Specifies the size of the anti-replay window for the IPsec tunnel and Tunnel template. If the value is set to 0, then the anti-replay feature is disabled.

type=ipsec.ReplayWindowType
default=0
Displayed(tab/group)=Replay Window

routerId

type=long
access=read-only
default=0
Displayed(tab/group)=Routing Instance ID (/Routing Instance)

rtr.IPSecSecurityAssociation-Set type=Children-Set
rtr.IPSecTunnelBfd-Set type=Children-Set

secondary This specifies the secondary method used to verify revocation status of the peer's certificate.

type=ipsec.SecondaryVal
default=none
Displayed(tab/group)=Secondary (Dynamic Keying/Certificate Status Verification)

securityPolicyId Specifies the IPsec security policy entry in the tmnxVRtSecPlcyTable that this tunnel.

type=long
default=0
minimum=0
maximum=32768
Displayed(tab/group)=Security Policy ID

siteId

type=string
access=read-only
default=0.0.0.0
maximum=50
Displayed(tab/group)=Site ID (/Site)

trustAnchorProfileName

type=string
default=
Displayed(tab/group)=Trust Anchor Profile (Dynamic Keying/Certificate)

tunnelName Specifies the name of the IPSec Tunnel for a given secured interface.

type=string
access=read-create
default=
minimum=1
maximum=32
Mandatory on create
Displayed(tab/group)=Name

  
Properties inherited from ManagedObject
actionMask, children-Set, deploymentState, isFaultSquelched, name, objectFullName, selfAlarmed
 
Supported Network Elements
7750 SR Supported from 19.7.R1
  • Excluded chassis types: 7750-SR12, 7750-SR24, 7750-SR4, 7750-SR1, 7750-SR7, 7750-SRc12, 7750-SRc4, 7750-SR12e, 7750-SRa4, 7750-SRa8, 7750 SR-1e, 7750 SR-2e, 7750 SR-3e, ES 7750 SRc4, TS 7750 SRc4, 7750-SR1 Fixed CFM, 7750 SR-1x-48D, 7750 SR-1-48D, 7750 SR-1-24D, 7750 SR-1x-92S, 7750 SR-1-92S, 7750 SR-1-46S, 7750 SR-7s, 7750 SR-1s, 7750 SR-1se, 7750 SR-2s, 7750 SR-14s
7705 SAR Gen 2
7705 SAR Hm Supported from 19.7.R1
Product Specifics
7705 SAR Gen 2 25.0
7705 SAR Hm 21.0
7705 SAR Hm 22.0
7705 SAR Hm 23.0
7705 SAR Hm 24.0
7705 SAR Hm 25.0
7750 SR 21.0
7750 SR 22.0
7750 SR 23.0
7750 SR 24.0
7750 SR 25.0