ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual

Table 5-2. Add IKE Policy Settings (continued)

Item                          Description (or Subfield and Description)

Authentication Method         Select one of the following radio buttons to specify the authentication method:
                              - Pre-shared key. A secret that is shared between the VPN firewall and the remote endpoint.
                              - RSA-Signature. Uses the active Self Certificate that you uploaded on the Certificates screen (see “Managing Certificates” on page 5-30). The Pre-shared key field is masked out when you select the RSA-Signature option.

Pre-shared key                A key with a minimum length of 8 characters and no more than 49 characters. Do not use a double quote (“) in the key.

Diffie-Hellman (DH) Group     The DH Group sets the strength of the algorithm in bits. The higher the group, the more secure the exchange. From the pull-down menu, select one of the following three strengths:
                              - Group 1 (768 bit).
                              - Group 2 (1024 bit). This is the default setting.
                              - Group 5 (1536 bit).
                              Note: Ensure that the DH Group is configured identically on both sides.

SA-Lifetime (sec)             The period in seconds for which the IKE SA is valid. When the period times out, the next rekeying must occur. The default is 28800 seconds (8 hours).

Enable Dead Peer Detection    Select a radio button to specify whether or not Dead Peer Detection (DPD) is enabled:
                              - Yes. This feature is enabled: when the VPN firewall detects an IKE connection failure, it deletes the IPsec and IKE SA and forces a reestablishment of the connection. You must enter the detection period and the maximum number of times that the VPN firewall attempts to reconnect (see below).
                              - No. This feature is disabled. This is the default setting.
Note: See also “Configuring
Keepalives and Dead Peer      Detection Period: The period in seconds between consecutive “DPD R-U-THERE” messages, which are sent only when the IPsec traffic is idle.
Detection” on page 5-53.
                              Reconnect after failure count: The maximum number of DPD failures before the VPN firewall tears down the connection and then attempts to reconnect to the peer. The default is 3 failures.

Virtual Private Networking

5-21

v1.1, August 2010
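An added example, not from the NETGEAR manual: a Python checker that applies the constraints of Table 5-2 to a local IKE policy and its peer's (pre-shared key length and the forbidden double quote, DH group membership and the both-sides-identical rule) and then simulates the DPD counter, one R-U-THERE per detection period while traffic is idle, tearing down once the failure count is reached. The IkePolicy class, the 30-second sample detection period and the assumption that a reply resets the failure counter are mine, not the device's.

```python
from dataclasses import dataclass
from typing import List, Optional

# The three DH groups offered in Table 5-2 and their modulus sizes in bits.
# 768-bit DH (Group 1) is far below current guidance; prefer the largest group both peers support.
DH_GROUP_BITS = {1: 768, 2: 1024, 5: 1536}

@dataclass
class IkePolicy:                 # hypothetical model of the "Add IKE Policy" screen
    auth_method: str             # "psk" (Pre-shared key) or "rsa" (RSA-Signature)
    pre_shared_key: str = ""
    dh_group: int = 2            # Group 2 is the default per the table
    sa_lifetime: int = 28800     # seconds; 8 hours is the default per the table
    dpd_enabled: bool = False    # disabled is the default per the table
    dpd_period: int = 30         # constructed sample value; the table gives no default
    dpd_failures: int = 3        # "Reconnect after failure count" default per the table

def policy_errors(local: IkePolicy, remote: IkePolicy) -> List[str]:
    """Return every Table 5-2 rule that the local policy (and its pairing) violates."""
    errs = []
    if local.auth_method == "psk":
        key = local.pre_shared_key
        if not 8 <= len(key) <= 49:
            errs.append("pre-shared key must be 8 to 49 characters")
        if '"' in key:
            errs.append("pre-shared key must not contain a double quote")
    if local.dh_group not in DH_GROUP_BITS:
        errs.append(f"unsupported DH group {local.dh_group}")
    elif local.dh_group != remote.dh_group:
        errs.append("DH group differs between the two sides; the exchange will not complete")
    if local.sa_lifetime <= 0:
        errs.append("SA lifetime must be a positive number of seconds")
    return errs

def dpd_teardown_time(policy: IkePolicy, replies: List[bool]) -> Optional[int]:
    """Simulate DPD while IPsec traffic is idle.

    replies[i] says whether the peer answered the i-th R-U-THERE message, sent
    dpd_period seconds apart. Returns the elapsed seconds at which the firewall
    deletes the SAs, or None if the failure count is never reached.
    A reply is assumed to reset the consecutive-failure counter.
    """
    if not policy.dpd_enabled:
        return None
    failures = 0
    for i, answered in enumerate(replies):
        failures = 0 if answered else failures + 1
        if failures >= policy.dpd_failures:
            return (i + 1) * policy.dpd_period
    return None
```

With the defaults above, three unanswered probes in a row after a 30-second period each means teardown 90 seconds after the last good reply, which is the figure to use when sizing monitoring alerts for tunnel flaps.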
