Cisco WRV210 Administration Guide - Page 72

Dead Peer Detection, IPSec DH Group - vpn endpoint



Cisco Small Business WRV210 Administration Guide, page 72
Configuring a Virtual Private Network (VPN)
VPN > IPSec VPN

• IPSec DH Group: This setting is the same as the ISAKMP DH Group setting.

• IPSec Key Lifetime(s): Optionally, you can choose to have the key expire at the end of a specified time period. Enter the number of seconds that the key is to be used before a re-key negotiation between the endpoints is completed. The default is 3600 seconds, which is 1 hour.

• Pre-shared Key: Enter a series of numbers or letters in the Pre-shared Key field. The same key must be entered at both ends of the tunnel. Based on this key, a key is generated to scramble (encrypt) the data being transmitted over the tunnel; at the other end the data is unscrambled (decrypted). You may use any combination of up to 24 numbers or letters in this field. No special characters or spaces are allowed.

STEP 7 In the Tunnel Options section, enter the following settings:

• Dead Peer Detection: Dead Peer Detection (DPD) detects the status of a remote peer. DPD issues DPD packets (ISAKMP format) to query a remote peer, and waits for a reply to recognize that the peer is still alive. Check the box to enable DPD, or uncheck the box to disable this feature.

• Detection Delay(s): Specify the interval between DPD query packets. The default value is 30 seconds.

• Detection Timeout(s): Specify the length of the timeout that applies when no DPD reply is received. The default value is 120 seconds.

• DPD Action: Specify the action that is taken when the DPD Timeout setting expires. Select Suspend Connection to stop passively recovering the connection, or select Recover Connection.

• If IKE failed more than _ times, block this unauthorized IP for _ seconds: This feature enables the Router to block unauthorized IP addresses. Specify the number of times IKE must fail before the Router blocks that unauthorized IP address. Also specify the number of seconds that the unauthorized IP address is blocked. This feature is enabled by default. You can uncheck the box if you want to disable this feature.

• Anti-replay: This feature protects the Router from replay attacks, in which people try to capture your authentication packets in an attempt to gain access. The feature is enabled by default. You can uncheck the box if you want to disable this feature.

STEP 8 Click Save to save your settings, or click Cancel to refresh the page with the previously saved settings.
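
For the Pre-shared Key field described above, the following added example (not part of the Cisco guide) checks a candidate key against the stated limits, letters and digits only and at most 24 characters, and generates a full-length random key. The function names and the sample candidates are constructed for illustration.

```python
import math
import secrets
import string

# Constraints stated on this page: letters and digits only, at most 24 characters.
ALLOWED = string.ascii_letters + string.digits   # 62 symbols
MAX_LEN = 24


def psk_problems(psk: str) -> list[str]:
    """Return the reasons a candidate key would violate the page's constraints."""
    problems = []
    if not psk:
        problems.append("empty")
    if len(psk) > MAX_LEN:
        problems.append(f"longer than {MAX_LEN} characters")
    # str.isalnum() also accepts non-ASCII letters such as 'é', so test
    # membership in the explicit ASCII set instead.
    bad = sorted({c for c in psk if c not in ALLOWED})
    if bad:
        problems.append("disallowed characters: " + " ".join(repr(c) for c in bad))
    return problems


def generate_psk(length: int = MAX_LEN) -> str:
    """Draw each character uniformly from the allowed set with the OS CSPRNG."""
    if not 1 <= length <= MAX_LEN:
        raise ValueError(f"length must be between 1 and {MAX_LEN}")
    return "".join(secrets.choice(ALLOWED) for _ in range(length))


def entropy_bits(length: int) -> float:
    """Entropy of a uniformly random key of this length over the allowed set."""
    return length * math.log2(len(ALLOWED))


if __name__ == "__main__":
    key = generate_psk()
    print(key, psk_problems(key), f"{entropy_bits(len(key)):.1f} bits")
    # Constructed sample candidates that the field would not accept.
    for candidate in ("office vpn 2024", "Passw0rd!", "a" * 25):
        print(repr(candidate), "->", psk_problems(candidate))
```

Because the field excludes special characters, key strength comes from length and randomness: a random 24-character key carries about 143 bits of entropy, while a random 8-character key carries under 48.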
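
For the "If IKE failed more than _ times, block this unauthorized IP for _ seconds" option above, this added example (a model of the behaviour as the page words it, not the router's firmware) replays constructed negotiation events through a per-IP failure counter. The threshold of 5, the 60-second block, the reset rules and the class name are assumptions; the page leaves both fields blank.

```python
from collections import defaultdict

MAX_FAILURES = 5      # constructed value for the "_ times" field
BLOCK_SECONDS = 60    # constructed value for the "_ seconds" field


class IkeFailureBlocker:
    """Model: block a source IP once it has failed IKE more than max_failures times."""

    def __init__(self, max_failures=MAX_FAILURES, block_seconds=BLOCK_SECONDS):
        self.max_failures = max_failures
        self.block_seconds = block_seconds
        self.failures = defaultdict(int)
        self.blocked_until = {}

    def is_blocked(self, ip, now):
        return now < self.blocked_until.get(ip, 0)

    def observe(self, now, ip, ok):
        """Feed one IKE result; return 'dropped', 'ok', 'failed' or 'blocked'."""
        if self.is_blocked(ip, now):
            return "dropped"             # no negotiation while the block lasts
        if ok:
            self.failures[ip] = 0        # assumption: a success clears the count
            return "ok"
        self.failures[ip] += 1
        if self.failures[ip] > self.max_failures:   # "more than", not "at least"
            self.blocked_until[ip] = now + self.block_seconds
            self.failures[ip] = 0        # assumption: counting restarts after a block
            return "blocked"
        return "failed"


# Constructed events: (time in seconds, source IP, negotiation succeeded?)
EVENTS = [(t, "198.51.100.7", False) for t in range(0, 12, 2)] + [
    (20, "198.51.100.7", True),     # arrives inside the block window
    (30, "203.0.113.9", False),     # one mistyped key on a legitimate peer
    (40, "203.0.113.9", True),
    (75, "198.51.100.7", True),     # the block has expired by now
]


def replay(events):
    blocker = IkeFailureBlocker()
    return [(t, ip, blocker.observe(t, ip, ok)) for t, ip, ok in events]


if __name__ == "__main__":
    for row in replay(EVENTS):
        print(row)
```

The event at t=20 shows the operational cost of the setting: while the block lasts, a valid negotiation from the same address is dropped too, so the block duration should be chosen with legitimate peers that mistype a key in mind.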