Chapter12 VPN Global Settings
VPN Global Settings
12-22
Cisco Router and Security Device Manager Version 2.2 Users Guide
OL-4015-08
XAuth Timeout
The number of seconds the router is to wait for a a system to respond to t he XAuth
challenge.
IKE Identity
Either the host name of the router or the IP address that the router will use to
identify itself in IKE negotiations.
Dead Peer Detection
Dead Peer Detection (DPD) enables a router to detect a dead peer and, if detected,
delete the IPSec and IKE security associations with that peer.
IKE Keepalive (Sec)
The value is the number of seconds that the router waits between sending IKE
keepalive packets.
IKE Retry (Sec)
The value is the number of seconds that the router waits between attempts to
establish an IKE connection with the remote peer. By default, 2 seconds is
displayed.
DPD Type
Either On Demand or Periodic.
If set to On Demand, DPD messages are sent on the basis of traffic patterns. For
example, if a router has to send outbound traffic and the liveliness of the peer is
questionable, the router sends a DPD message to query the status of the peer. If a
router has no traffic to send, it never sends a DPD message.
If set to Periodic, the router sends DPD messages at the interval specified by the
IKE Keepalive value.
IPSec Security Association (SA) Lifetime (Sec)
The amount of time after which IPSec security associations (SAs) will expire and
be regenerated. The default is 3600 seconds (1 hour).