Virtual Private Networks (VPN) IPsec
Digi TransPort WR Routers User Guide
193
• IKE configuration items
  - The IKE authentication protocols to use for the IPsec tunnel negotiation.
    You can select more than one authentication protocol. IKE negotiates with the remote
    device which to use. This setting does not need to match the IKE authentication protocols
    configured on the remote device, but at least one of the authentication protocols must be
    configured on the remote device.
  - The IKE encryption protocols to use for the IPsec tunnel negotiation.
    You can select more than one encryption protocol. IKE negotiates with the remote device
    which encryption protocol to use. This setting does not need to match the IKE encryption
    protocols configured on the remote device, but at least one of the encryption protocols
    must be configured on the remote device.
  - The IKE Diffie-Hellman groups to use for the IPsec tunnel negotiation.
    You can select more than one Diffie-Hellman group. IKE negotiates with the remote device
    which group to use. This setting does not need to match the IKE Diffie-Hellman groups
    configured on the remote device, but at least one of the Diffie-Hellman groups must be
    configured on the remote device.
Additional configuration items
The following additional configuration settings are not typically configured to get an IPsec tunnel
working, but can be configured as needed:
• Tunnel and key renegotiating
  - The lifetime of the IPsec tunnel before it is renegotiated. This defaults to 1 hour (3600
    seconds), and does not need to match the setting on the remote device.
  - The number of bytes, also known as lifebytes, sent on the IPsec tunnel before it is
    renegotiated. By default, this setting is disabled, but can be configured up to 4 GB. This
    setting does not need to match the setting on the remote device.
  - The IKE lifetime before the keys are renegotiated. This defaults to 4800 seconds and does
    not need to match the IKE lifetime configured on the remote device.
  - The amount of time before the IPsec lifetime expires at which the renegotiation should
    start. This defaults to 540 seconds and does not need to match the setting on the remote
    device.
  - The number of bytes before the IPsec lifebytes limit is reached at which the key is
    renegotiated. By default, this is set to 0 and does not need to match the setting on the
    remote device.
  - A randomizing factor applied to the seconds or bytes margin before the IPsec tunnel is
    renegotiated. This defaults to 100% and does not need to match the setting on the remote
    device. Use this setting when the device has a number of IPsec tunnels configured, to
    ensure that the IPsec tunnels are not all renegotiated at the same time, which could put
    excessive load on the device.
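The two behaviours described above, IKE picking a common proposal from the lists on each side and the rekey margin being spread by the randomizing factor, modelled as an added Python example (not code from the Digi guide or the router firmware). The algorithm names, group numbers and the formula scaling the margin by a random factor between 100% and 100% + the configured percentage are assumptions for illustration; the guide does not state the router's exact formula.

```python
import random

# Constructed example proposals (not taken from the guide), in local preference order.
LOCAL = {"auth": ["SHA256", "SHA1"], "enc": ["AES256", "AES128", "3DES"], "dh": [14, 5]}
REMOTE = {"auth": ["SHA1"], "enc": ["AES128"], "dh": [5, 2]}


def negotiate(local, remote):
    """Per category, pick the first local choice the remote also offers.

    Mirrors the guide's rule: the lists need not match, but at least one entry in
    each category must be common, otherwise the tunnel negotiation fails (None).
    """
    chosen = {}
    for cat in ("auth", "enc", "dh"):
        common = [x for x in local[cat] if x in remote[cat]]
        if not common:
            return None
        chosen[cat] = common[0]
    return chosen


def rekey_offset(lifetime, margin, rand_pct, rng=random):
    """Seconds (or bytes) after SA setup at which renegotiation starts.

    Assumed model: margin is scaled by a random factor in [1, 1 + rand_pct/100],
    so rand_pct=0 always rekeys at lifetime - margin, while rand_pct=100 rekeys
    somewhere between lifetime - 2*margin and lifetime - margin.
    """
    factor = 1 + rng.random() * rand_pct / 100
    return max(0.0, lifetime - margin * factor)


def rekey_spread(n_tunnels, lifetime, margin, rand_pct, seed=0):
    """Range (max - min) of rekey start times across n tunnels set up together.

    A spread of 0 means every tunnel renegotiates at once; this is the load
    spike the randomizing factor is meant to avoid.
    """
    rng = random.Random(seed)
    times = [rekey_offset(lifetime, margin, rand_pct, rng) for _ in range(n_tunnels)]
    return max(times) - min(times)


if __name__ == "__main__":
    print("negotiated:", negotiate(LOCAL, REMOTE))
    print("spread, 0% randomizing:", rekey_spread(10, 3600, 540, 0))
    print("spread, 100% randomizing:", rekey_spread(10, 3600, 540, 100))
```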