Cisco SA520-K9 Administration Guide - Page 147
Configuring VPN: Advanced Configuration of IPsec VPN

NOTE The double-quote character (") is not permitted for the shared key.

• Pre-shared key: Enter the alphanumeric key to be shared with the IKE peer.
• Diffie-Hellman (DH) Group: Choose the Diffie-Hellman algorithm to use when exchanging keys. The DH Group sets the strength of the algorithm in bits.
• SA Lifetime (seconds): Enter the number of seconds for the Security Association to remain valid.
• Enable Dead Peer Detection: Check this box to enable the security appliance to detect whether a peer is alive or not. If a peer is detected as dead, the security appliance deletes the IPsec and IKE Security Associations.
• Detection Period (seconds): The interval between consecutive DPD R-U-THERE messages. DPD R-U-THERE messages are sent only when the IPsec traffic is idle.
• Reconnect after failure count: The maximum number of DPD failures allowed before tearing down the connection.

STEP 7 In the Extended Authentication (XAUTH) area, you can enable the VPN gateway router to authenticate users from the User Database (default choice) or an external authentication server such as a RADIUS server. Choose one of the following XAUTH Types:

• None: Choose this option to disable XAUTH.
• User Database: Choose this option if you want to authenticate users based on the accounts that you create in this Configuration Utility. If you choose this option, be sure to add the users on the IPsec Users page. See Configuring the User Database for the IPsec Remote Access VPN, page 142.
• IPsec Host: Choose this option if you want the security appliance to be authenticated with a username and password combination. In this mode, the security appliance acts as a VPN Client of the remote gateway. If you choose this option, also enter a Username and Password.
  - Username: If you chose IPsec Host as the XAUTH Type, enter the username for the security appliance to use when connecting to the remote server. The username can include any alphanumeric characters.
  - Password: Enter the password for the security appliance to use when connecting to the remote server.

Cisco SA500 Series Security Appliances Administration Guide 147
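The interaction of the Detection Period and Reconnect after failure count fields described above can be modelled as follows. This is an added example, not part of the Cisco guide: the function names, the 10-second period, the failure count of 3 and the traffic timeline are constructed, and deleting the SAs when the failure count is reached is an assumption about the appliance's behaviour.

```python
def simulate_dpd(detection_period, failure_count, traffic_times, peer_dead_at, horizon):
    """Model the DPD fields described above (simplified, assumed semantics).

    detection_period: seconds between consecutive R-U-THERE probes
    failure_count:    unanswered probes that trigger teardown (assumed: the
                      SAs are deleted when the count is reached)
    traffic_times:    seconds at which inbound IPsec traffic arrives; traffic
                      resets the idle timer, so no probe is sent while it flows
    peer_dead_at:     second at which the peer stops responding
                      (float("inf") = never)
    Returns (probe_log, teardown_time); teardown_time is None if the tunnel survives.
    """
    traffic = sorted(t for t in traffic_times if t < peer_dead_at)
    log, failures, i = [], 0, 0
    next_probe = detection_period          # tunnel established at t = 0
    while True:
        # Inbound traffic before the scheduled probe pushes the probe back.
        while i < len(traffic) and traffic[i] < next_probe:
            next_probe = traffic[i] + detection_period
            i += 1
        if next_probe > horizon:
            return log, None
        if next_probe < peer_dead_at:      # peer answers with R-U-THERE-ACK
            failures = 0
            log.append((next_probe, "ack"))
        else:                              # probe goes unanswered
            failures += 1
            log.append((next_probe, "no-reply"))
            if failures >= failure_count:
                return log, next_probe     # IPsec and IKE SAs deleted here
        next_probe += detection_period


def worst_case_detection(detection_period, failure_count):
    """Upper bound, in seconds, between peer failure and SA teardown."""
    return detection_period * failure_count


if __name__ == "__main__":
    # Constructed sample: 10 s period, 3 failures, peer dies at t = 30 s.
    log, down = simulate_dpd(10, 3, [5, 12, 18, 25], peer_dead_at=30, horizon=120)
    for t, result in log:
        print(f"t={t:>3}s R-U-THERE -> {result}")
    print("teardown at", down, "s; bound", worst_case_detection(10, 3), "s after failure")
```

Because probes are sent only while the tunnel is idle, the time a dead peer's SAs stay installed is bounded by the product of the two fields, which is the figure to weigh against failover requirements when choosing them.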