Shared Key
[IPsecSATable_SharedKey]
Defines the pre-shared key (in textual format). Both peers
must use the same pre-shared key for the authentication
process to succeed.
Notes:
This parameter is applicable only if the Authentication Method parameter is set to pre-shared key.
The pre-shared key forms the basis of IPSec security and should therefore be handled with care (the same as sensitive passwords). It is not recommended to use the same pre-shared key for several connections.
Since the ini file is plain text, loading it to the device over a secure network connection is recommended. Use a secure transport such as HTTPS, or a direct crossed-cable connection from a management PC.
After it is configured, the value of the pre-shared key cannot be retrieved.
Source Port
[IPsecSATable_SourcePort]
Defines the source port to which this configuration applies.
The default is 0 (i.e., any port).
Destination Port
[IPsecSATable_DestPort]
Defines the destination port to which this configuration
applies.
The default is 0 (i.e., any port).
Protocol
[IPsecSATable_Protocol]
Defines the protocol type to which this configuration applies.
Standard IP protocol numbers, as defined by the Internet
Assigned Numbers Authority (IANA), should be used, for
example:
0 = Any protocol (default)
17 = UDP
6 = TCP
IKE SA Lifetime
[IPsecSATable_Phase1SaLifetimeInSec]
Defines the duration (in seconds) for which the negotiated
IKE SA (Main mode) is valid. After this time expires, the SA
is re-negotiated.
The default is 0 (i.e., unlimited).
Note: Main mode negotiation is a processor-intensive
operation; for best performance, do not set this parameter to
less than 28,800 (i.e., eight hours).
IPSec SA Lifetime (sec)
[IPsecSATable_Phase2SaLifetimeInSec]
Defines the duration (in seconds) for which the negotiated
IPSec SA (Quick mode) is valid. After this time expires, the
SA is re-negotiated.
The default is 0 (i.e., unlimited).
Note: For best performance, a value of 3,600 (i.e., one hour)
or more is recommended.
IPSec SA Lifetime (Kbs)
[IPsecSATable_Phase2SaLifetimeInKB]
Defines the maximum volume of traffic (in kilobytes) for
which the negotiated IPSec SA (Quick mode) is valid. After
this specified volume is reached, the SA is re-negotiated.
The default is 0 (i.e., the value is ignored).
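Added example (not from the original manual or the vendor): a Python check of IPsec SA table rows against the shared-key and lifetime guidance above. Rows are assumed to be already parsed into dicts keyed by the ini parameter names; the function name, finding texts and sample rows are constructed for illustration.

```python
from collections import defaultdict

P1_MIN_SEC = 28_800  # manual: Main mode floor for best performance (8 h)
P2_MIN_SEC = 3_600   # manual: Quick mode recommendation (1 h)
P1, P2, P2_KB, PSK = ("IPsecSATable_Phase1SaLifetimeInSec",
                      "IPsecSATable_Phase2SaLifetimeInSec",
                      "IPsecSATable_Phase2SaLifetimeInKB",
                      "IPsecSATable_SharedKey")

def audit_ipsec_rows(rows):
    """Return sorted (row_index, finding) pairs for parsed IPsecSATable rows."""
    findings, rows_by_key = [], defaultdict(list)
    for idx, row in enumerate(rows):
        p1, p2, kb = (int(row.get(k, 0)) for k in (P1, P2, P2_KB))
        if p1 == 0:
            findings.append((idx, "IKE SA lifetime unlimited"))
        elif p1 < P1_MIN_SEC:
            findings.append((idx, "IKE SA lifetime below 28800 s"))
        if p2 == 0 and kb == 0:
            findings.append((idx, "IPSec SA has no time or volume limit"))
        elif 0 < p2 < P2_MIN_SEC:
            findings.append((idx, "IPSec SA lifetime below 3600 s"))
        if row.get(PSK):
            rows_by_key[row[PSK]].append(idx)
    # Report key reuse by row index only; the key value is never emitted.
    for idxs in rows_by_key.values():
        for idx in idxs if len(idxs) > 1 else []:
            others = [i for i in idxs if i != idx]
            findings.append((idx, f"shared key reused by rows {others}"))
    return sorted(findings)

# Constructed sample rows (not from a real device); omitted fields default to 0.
SAMPLE_ROWS = [
    {PSK: "constructed-key-A", P1: 28800, P2: 3600},
    {PSK: "constructed-key-B"},
    {PSK: "constructed-key-A", P1: 3600, P2: 600, P2_KB: 100000},
]

if __name__ == "__main__":
    for idx, finding in audit_ipsec_rows(SAMPLE_ROWS):
        print(f"row {idx}: {finding}")
```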
Dead Peer Detection Mode
[IPsecSATable_DPDmode]
Defines dead peer detection (DPD), according to RFC 3706.
[0] DPD Disabled (default)