
Digi IX20 - Page 492

Digi IX20
1188 pages
Virtual Private Networks (VPN) IPsec
IX20 User Guide
h. For Lifetime margin, enter a randomizing amount of time before the IPsec tunnel is
renegotiated.
Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the
format number{w|d|h|m|s}.
For example, to set Lifetime margin to ten minutes, enter 10m or 600s.
i. Click to expand Phase 1 Proposals.
i. Click to create a new phase 1 proposal.
ii. For Cipher, select the type of encryption.
iii. For Hash, select the type of hash to use to verify communication integrity.
iv. For Diffie-Hellman group, select the type of Diffie-Hellman group to use for key
exchange.
v. You can add additional Phase 1 proposals by clicking next to Add Phase 1
Proposal.
j. Click to expand Phase 2 Proposals.
i. Click to create a new phase 2 proposal.
ii. For Cipher, select the type of encryption.
iii. For Hash, select the type of hash to use to verify communication integrity.
iv. For Diffie-Hellman group, select the type of Diffie-Hellman group to use for key
exchange.
v. You can add additional Phase 2 proposals by clicking next to Add Phase 2
Proposal.
23. (Optional) Click to expand Dead peer detection. Dead peer detection is enabled by default.
Dead peer detection uses periodic IKE transmissions to the remote endpoint to detect whether
tunnel communications have failed, allowing the tunnel to be automatically restarted when
failure occurs.
a. To enable or disable dead peer detection, click Enable.
b. For Delay, type the number of seconds between transmissions of dead peer packets. Dead
peer packets are only sent when the tunnel is idle.
c. For Timeout, type the number of seconds to wait for a response from a dead peer packet
before assuming the tunnel has failed.
24. (Optional) Click to expand NAT to create a list of destination networks that require source NAT.
a. Click next to Add NAT destination.
b. For Destination network, type the IPv4 address and optional netmask of a destination
network that requires source NAT. You can also use any, meaning that any destination
network connected to the tunnel will use source NAT.
25. See Configure SureLink active recovery for IPsec for information about IPsec Active recovery.
26. (Optional) Click Advanced to set various IPsec-related time out, keep alive, and related values.
27. Click Apply to save the configuration and apply the change.
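The following Python code is an added example, not part of the Digi documentation or firmware. It validates values in the number{w|d|h|m|s} format given for Lifetime margin in step h and checks a margin against a tunnel lifetime before the values are entered. It assumes the tunnel lifetime uses the same format and that a value is a single number followed by one unit letter; parse_duration and check_margin are hypothetical helper names.

```python
import re

# Seconds per unit letter in the manual's number{w|d|h|m|s} format.
UNIT_SECONDS = {"w": 604800, "d": 86400, "h": 3600, "m": 60, "s": 1}
_DURATION = re.compile(r"([0-9]+)([wdhms])")


def parse_duration(text):
    """Return the duration in seconds, or raise ValueError if malformed."""
    if not isinstance(text, str):
        raise ValueError("duration must be a string")
    match = _DURATION.fullmatch(text)
    if match is None:
        # Rejects a missing unit ("600"), decimals, signs, whitespace and
        # compound values ("1h30m"); the stated format covers none of them.
        raise ValueError(f"not in number{{w|d|h|m|s}} form: {text!r}")
    return int(match.group(1)) * UNIT_SECONDS[match.group(2)]


def check_margin(lifetime, margin):
    """Return a list of problems with a lifetime/margin pair (empty if none).

    Assumption: the margin has to be shorter than the lifetime, otherwise
    the renegotiation point falls at or before the start of the tunnel.
    """
    problems = []
    values = {}
    for name, text in (("lifetime", lifetime), ("margin", margin)):
        try:
            values[name] = parse_duration(text)
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
    if len(values) == 2 and values["margin"] >= values["lifetime"]:
        problems.append("margin is not shorter than lifetime")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from a real device.
    for pair in (("3h", "10m"), ("3h", "600s"), ("1h", "90m"), ("8h", "10 m")):
        print(pair, check_margin(*pair) or "ok")
```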
Command line
1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX20
local command line as a user with full Admin access rights.
