ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual
Virtual Private Networking 5-21v1.1, August 2010
Authentication
Method Select one of the following radio buttons to specify the authentication method:
•Pre-shared key. A secret that is shared between the VPN firewall and the
remote endpoint.
•RSA-Signature. Uses the active Self Certificate that you uploaded on the
Certificates screen (see “Managing Certificates” on page 5-30). The Pre-shared
key is masked out when you select the RSA-Signature option.
Pre-shared key A key with a minimum length of 8 characters no more than 49
characters. Do not use a double quote (“) in the key.
Diffie-Hellman (DH)
Group The DH Group sets the strength of the algorithm in bits. The higher the group, the
more secure the exchange. From the pull-down menu, select one of the following
three strengths:
•Group 1 (768 bit).
•Group 2 (1024 bit). This is the default setting.
•Group 5 (1536 bit).
Note: Ensure that the DH Group is configured identically on both sides.
SA-Lifetime (sec) The period in seconds for which the IKE SA is valid. When the period times out,
the next rekeying must occur. The default is 28800 seconds (8 hours).
Enable Dead Peer
Detection
Note: See also
“Configuring
Keepalives and
Dead Peer
Detection” on
page 5-53.
Select a radio button to specify whether or not Dead Peer Detection (DPD) is
enabled:
•Yes. This feature is enabled: when the VPN firewall detects an IKE connection
failure, it deletes the IPsec and IKE SA and forces a reestablishment of the
connection. You must enter the detection period and the maximum number of
times that the VPN firewall attempts to reconnect (see below).
•No. This feature is disabled. This is the default setting.
Detection Period The period in seconds between consecutive
“DPD R-U-THERE” messages, which are sent only when the
IPsec traffic is idle.
Reconnect after
failure count The maximum number of DPD failures before the VPN
firewall tears down the connection and then attempts to
reconnect to the peer. The default is 3 failures.
Table 5-2. Add IKE Policy Settings (continued)
Item Description (or Subfield and Description)