Cisco Systems RV320K9NA, RV325K9NA

VPN

Gateway to Gateway

90 Cisco Small Business RV320/RV325 Administration Guide

•NAT Traversal—Network Address Translation (NAT) enables users with

private LAN addresses to access Internet resources by using a publicly

routable IP address as the source address. However, for inbound traffic, the

NAT gateway has no automatic method of translating the public IP address

to a particular destination on the private LAN. This issue prevents

successful IPsec exchanges. If your VPN router is behind a NAT gateway,

check this box to enable NAT traversal. The same setting must be used on

both ends of the tunnel.

•Dead Peer Detection (DPD)—Sends periodic HELLO/ACK messages to

check the status of the VPN tunnel. This feature must be enabled on both

ends of the VPN tunnel. Specify the interval between HELLO/ACK

messages in the Interval field.

•Extended Authentication—Uses an IPsec host username and password to

authenticate the VPN clients or it uses the user database found in User

Management. Both IPSec host and edge device must enable Extended

Authentication. To use the IPsec Host, click the radio button and enter the

User Name and Password. To use the Edge Device, click the radio button

and select the database from the drop-down menu. To add or edit the

database, click Add/Edit to display the User Management window.

•Tunnel Backup—When DPD determines that the remote peer is unavailable,

this feature enables the router to reestablish the VPN tunnel by using either

an alternative IP address for the remote peer or an alternative local WAN

interface. Check the box to enable this feature and enter the following

settings. This feature is available only if Dead Peer Detection is enabled.

-Remote Backup IP Address—Alternative IP address for the remote

peer, or reenter the WAN IP address that was already set for the remote

gateway.

-Local Interface—WAN interface to use to reestablish the connection.

-VPN Tunnel Backup Idle Time—When the router boots up and the

primary tunnel is not connected within the specified period, the backup

tunnel is used. The default idle time is 30 seconds.