ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual
5-30 Virtual Private Networking Using IPsec
v1.2, June 2008
3. In the General menu frame of the Edit VPN Policy menu, locate the keepalive configuration
settings, as shown in Figure 5-16:
4. Click the Yes radio button to enable keepalive.
5. In the Ping IP Address boxes, enter an IP address on the remote LAN. This must be the
address of a host that can respond to ICMP ping requests.
6. Enter the Detection Period to set the time between ICMP ping requests. The default is 10
seconds.
7. In Reconnect after failure count, set the number of consecutive missed responses that will be
considered a tunnel connection failure. The default is 3 missed responses. When the FVS336G
senses a tunnel connection failure, it forces a reestablishment of the tunnel.
8. Click Apply at the bottom of the menu.
The Dead Peer Detection feature maintains the IKE SA by exchanging periodic messages with the
remote VPN peer. To configure Dead Peer Detection on a configured IKE policy, follow these
steps:
1. Select VPN from the main menu and Policies from the submenu.
2. Click the IKE Policies tab, then click the edit button next to the desired VPN policy.
Figure 5-16