Netopia 3300-ENT manual Multiple Network IPsec

Models: 3300-ENT

Internet Key Exchange (IKE) IPsec Key Management for VPNs 5-13

The defaults are 5 seconds and 90 seconds, respectively. You may adjust these to suit your network’s tolerances.

Note:

ICMP Dead Peer Detection is not available when using manual re-keying.

ICMP Dead Peer Detection does not initiate a series of phase 2 exchanges upon detecting a dead peer; it instead initiates a new phase 1 negotiation, followed by a new phase 2 negotiation once contact with the peer has been re-established.

If you are using Multiple Network IPsec, the IP address of the ICMP Dead Peer Detection mechanism must be constrained to the set of network ranges defined for the IPsec profile.

Press Escape to return to the Add or Change Connection Profile screen, and select IP Profile Parameters.

If you enable IKE key management, the IP Profile Parameters screen appears.

IP Profile Parameters

Remote Tunnel Endpoint:         0.0.0.0
Add Network...
Address Translation Enabled:    No
Filter Set...                   <<None>>
Remove Filter Set
Advanced IP Profile Options...

COMMIT                          CANCEL

The Remote Tunnel Endpoint field accepts either an IP address in the familiar dotted-quad notation a.b.c.d or a hostname to be resolved using the Domain Name System (DNS).

Multiple Network IPsec

Netopia Firmware Version 8.4 offers an enhancement to IPsec VPN tunnels allowing multiple network support. This feature enhances your Netopia Router’s Virtual Private Networking functionality.

This feature allows you to define many local and remote network ranges for a given IPsec VPN profile. Each of these ranges has its own IPsec tunnel. However, each tunnel has a common tunneling endpoint and encryption policy. This is useful, for example, for branch office management of multiple IP subnets over an encrypted VPN tunnel. The following diagram illustrates this feature:
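The Dead Peer Detection note earlier on this page requires the ICMP address to fall inside the network ranges defined for a Multiple Network IPsec profile. The Python check below is an added example, not part of the Netopia manual or firmware; the range notation (CIDR or start-end), the function names and the sample ranges are assumptions constructed for illustration.

```python
import ipaddress

def parse_range(text):
    """Return ip_network objects for 'a.b.c.d/n' or 'start-end' (assumed notations)."""
    text = text.strip()
    if "-" in text:
        first, last = (ipaddress.ip_address(p.strip()) for p in text.split("-", 1))
        # summarize_address_range raises ValueError if first > last
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(text, strict=False)]

def check_dpd_address(dpd_address, profile_ranges):
    """Return the configured range containing dpd_address, or None if none does."""
    addr = ipaddress.ip_address(dpd_address)  # ValueError for hostnames or typos
    for text in profile_ranges:
        if any(addr in net for net in parse_range(text)):
            return text
    return None

# Constructed sample: network ranges of one hypothetical IPsec profile.
SAMPLE_RANGES = ["192.168.10.0/24", "192.168.20.16-192.168.20.47", "10.1.0.0/16"]

def audit(dpd_address, profile_ranges=SAMPLE_RANGES):
    """Summarise whether a Dead Peer Detection address is usable with the profile."""
    try:
        hit = check_dpd_address(dpd_address, profile_ranges)
    except ValueError as exc:
        return f"INVALID: {exc}"
    if hit is None:
        return f"FAIL: {dpd_address} is outside every range in the profile"
    return f"OK: {dpd_address} is inside {hit}"

if __name__ == "__main__":
    for candidate in ("192.168.20.40", "192.168.20.48", "172.16.0.1", "peer.example.net"):
        print(audit(candidate))
```

Running the check against the ranges recorded for a profile before committing it catches a detection address that lies just outside a range, such as the second candidate above.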
