Chapter16 VPN Global Settings
VPN Global Settings
16-2
Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
XAuth Timeout The number of seconds the router is to wait for a a system to respond
to the XAuth challenge.
IKE Identity Either the host name of the router or the IP address that the ro uter
will use to identify itself in IKE negotiations.
Dead Peer Detection Dead Peer Detection (DPD) enables a router to detect a dead peer
and, if detected, delete the IPSec and IKE security associations with
that peer. If DPD is enabled, the following additional information is
displayed:
IKE Keepalive (Sec)—The value is the number of seconds that
the router waits between sending IKE keepalive packets.
IKE Retry (Sec)—The value is the number of seconds th at the
router waits between attempts to establish an IKE connection
with the remote peer. By default, “2” seconds is displayed.
DPD Type—Either On Demand or Periodic. If set to On
Demand, DPD messages are sent on the basis of traffic
patterns. For example, if a router has to send outbound tra ffic
and the liveliness of the peer is questionable, the router sends a
DPD message to query the status of the peer. If a router has no
traffic to send, it never sends a DPD message.
If set to Periodic, the router sends DPD messages at the interval
specified by the IKE Keepalive value.
IPSec Security Association (SA)
Lifetime (Sec)
The amount of time after which IPSec security associations (SAs)
will expire and be regenerated. The default is 3600 seconds (1
hour).
Table16-1 VPN Global Settings Fields
Element Description