ADC CLI Commands

ipTunnelParam

The following operations can be performed on “ipTunnelParam”:

unset ipTunnelParam

Use this command to remove ipTunnelParam settings.Refer to the set ipTunnelParam command for meanings of the arguments.

Synopsis

unset ipTunnelParam [-srcIP] [-dropFrag] [-dropFragCpuThreshold] [-srcIPRoundRobin] [-enableStrictRx] [-enableStrictTx] [-mac] [-useClientSourceIP]

set ipTunnelParam

Sets global parameters of IPv4 tunnels on the Citrix ADC.

Synopsis

set ipTunnelParam [-srcIP ] [-dropFrag ( YES NO )] [-dropFragCpuThreshold ] [-srcIPRoundRobin ( YES NO )] [-enableStrictRx ( YES NO )] [-enableStrictTx ( YES NO )] [-mac ] [-useClientSourceIP ( YES NO )]

Arguments

srcIP Common source-IP address for all tunnels. For a specific tunnel, this global setting is overridden if you have specified another source IP address. Must be a MIP or SNIP address.

dropFrag Drop any IP packet that requires fragmentation before it is sent through the tunnel.

Possible values: YES, NO Default value: NO

dropFragCpuThreshold Threshold value, as a percentage of CPU usage, at which to drop packets that require fragmentation to use the IP tunnel. Applies only if dropFragparameter is set to NO. The default value, 0, specifies that this parameter is not set. Minimum value: 1 Maximum value: 100

srcIPRoundRobin Use a different source IP address for each new session through a particular IP tunnel, as determined by round robin selection of one of the SNIP addresses. This setting is ignored if a common global source IP address has been specified for all the IP tunnels. This setting does not apply to a tunnel for which a source IP address has been specified.

Possible values: YES, NO Default value: NO

enableStrictRx Strict PBR check for IPSec packets received through tunnel

Possible values: YES, NO Default value: NO

enableStrictTx Strict PBR check for packets to be sent IPSec protected

Possible values: YES, NO Default value: NO

mac The shared MAC used for shared IP between cluster nodes/HA peers

useClientSourceIP Use client source IP as source IP for outer tunnel IP header

Possible values: YES, NO Default value: NO

Example

set ipTunnelParam -srcIP 10.100.20.48 -dropFrag YES -dropFragCpuThreshold 95 -useClientSourceIP YES

show ipTunnelParam

Display the IP Tunnel global settings on the Citrix ADC

Synopsis

show ipTunnelParam

Arguments

Output

srcIP Common source-IP address for all tunnels. For a specific tunnel, this global setting is overridden if you have specified another source IP address. Must be a MIP or SNIP address.

dropFrag Drop any IP packet that requires fragmentation before it is sent through the tunnel.

dropFragCpuThreshold Threshold value, as a percentage of CPU usage, at which to drop packets that require fragmentation to use the IP tunnel. Applies only if dropFragparameter is set to NO. The default value, 0, specifies that this parameter is not set.

srcIPRoundRobin Use a different source IP address for each new session through a particular IP tunnel, as determined by round robin selection of one of the SNIP addresses. This setting is ignored if a common global source IP address has been specified for all the IP tunnels. This setting does not apply to a tunnel for which a source IP address has been specified.

enableStrictRx Strict PBR check for IPSec packets received through tunnel

enableStrictTx Strict PBR check for packets to be sent IPSec protected

mac The shared MAC used for shared IP between cluster nodes/HA peers

useClientSourceIP Use client source IP as source IP for outer tunnel IP header

Example

Tunnel Source IP: 10.100.20.48 Round Robin of Tunnel Source IP: NO Drop if Fragmentation Needed: NO CPU usage threshold to avoid fragmentation: 95 Strict PBR check for IPSec packets received through tunnel: NO Strict PBR check for packets to be sent IPSec protected: NO Tunnel MAC for shared IPs: 00:00:00:00:00:00 Use client sourceIP as sourceIP for outer tunnel IP header: YES

ipTunnelParam