28-16
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 28 Group Encrypted Transport (GET) VPNs
Configuring Global Settings for GET VPN
Related Topics
Understanding IKE, page 25-5
Understanding IKEv1 Preshared Key Policies in Site-to-Site VPNs, page 25-43
Defining GET VPN Group Encryption, page 24-51
Understanding Group Encrypted Transport (GET) VPNs, page 28-2
Configuring GET VPN, page 28-12
Configuring Global Settings for GET VPN
Use the Global Settings for GET VPN page to define global settings for ISAKMP and IPsec that apply
to devices in your GET VPN topology.
Note: The lifetime settings in this policy do not apply to the ISAKMP security association lifetime for the key
server and group members. Those lifetime values are configured in the IKE Proposal for GET VPN
policy. For more information, see Configuring the IKE Proposal for GET VPN, page 28-15.
To open the Global Settings for GET VPN page:
- (Site-to-Site VPN Manager Window) Select an existing GET VPN topology and then select Global
  Settings for GET VPN in the Policies selector.
- (Policy view) Select Site-to-Site VPN > Global Settings for GET VPN, and then select an existing
  policy or create a new one.
The following table explains the settings you can configure in this policy.
Table 28-1 IKE Proposal for GET VPN Policy (Continued)

Element: IKE Proposal Overrides
Description: The number of seconds that the ISAKMP SA for key servers and group
members is valid. When the lifetime is exceeded, the SA expires and
must be renegotiated between the peers. Values can be 1 to 86400.
- If you are using cooperative key servers (more than one key
  server), set the key server lifetime high. The default 86400 is
  appropriate.
- If you are using a single key server, you can set the lifetime low
  (but not less than 60 seconds) so that the ISAKMP SA is not
  retained unnecessarily. It is not used after a group member
  registers.
- We recommend that you set the group member lifetime low as
  compared to the key server lifetime, especially when cooperative
  key servers are configured.