4Chapter 6: Firewall ........................................................................................................................... 96IP rules ......................................................................................................................................................96Services...................................................................................................................................................103Access rules ............................................................................................................................................107Internet access ........................................................................................................................................110Chapter 7: IPsec VPN .................................................................................................................... 113Overview..................................................................................................................................................113IPsec components ...................................................................................................................................117Setting up IPsec tunnels .........................................................................................................................135NAT traversal...........................................................................................................................................138CA server access ....................................................................................................................................140IPsec troubleshooting .............................................................................................................................143Chapter 8: Authentication.............................................................................................................. 153Authentication profiles .............................................................................................................................153RADIUS authentication ...........................................................................................................................154The radiussnoop command ....................................................................................................................156Chapter 9: High Availability........................................................................................................... 157Overview .................................................................................................................................................157HA mechanisms .....................................................................................................................................159Setting up HA .........................................................................................................................................161HA issues ...............................................................................................................................................166Chapter 10: Advanced Settings .................................................................................................... 168Flow timeout settings ..............................................................................................................................168Length limit settings ................................................................................................................................169Fragmentation settings ...........................................................................................................................171Local fragment reassembly settings .......................................................................................................176Chapter 11: I-WLAN........................................................................................................................ 177I-WLAN overview ....................................................................................................................................177GTP tunnels.............................................................................................................................................178Interface stitching ....................................................................................................................................181Using IP rules .........................................................................................................................................182Adding client routing ................................................................................................................................182Certificates with I-WLAN .........................................................................................................................183