Configuring Virtual Private Networking (VPN) Configure Internet Protocol security (IPsec)
Digi TransPort® Routers User Guide
515
Command line
Command Instance Parameter Values Equivalent web parameter
ike2 0 rencalgs des, 3des, aes Encryption
ike2 0 renckeybits 128, 192, 256 Encryption (Minimum AES key length)
ike2 0 rauthalgs md5, sha1 Authentication
ike2 0 rprfalgs md5, sha1 PRF Algorithm
ike2 0 rdhmingroup 1, 2, 5 MODP Group between x and y
ike2 0 rdhmaxgroup 1, 2, 5 MODP Group between x and y
ike2 0 ltime 1-28800 Renegotiate after h hrs m mins s secs
This CLI value is entered in seconds only.
ike2 0 rekeyltime 1-28800 Rekey after h hrs m mins s secs
This CLI value is entered in seconds only.
Configure advanced IKEv2 Responder parameters
ÉWeb
1. Go to Configuration > Network > Virtual Private Networking (VPN) > IPsec > IKEv2 > IKEv2
Responder > Advanced.
2. Configure the advanced IKEv2 Responder parameters as needed:
Stop IKE negotiation if no packet received for n seconds
The period of time, in seconds, after which the router will stop the IKEv2 negotiation when no
response to a negotiation packet has been received.
Enable NAT-Traversal
Enables support for NAT Traversal within IKE/IPsec. When one end of an IPsec tunnel is behind
a NAT box, some form of NAT traversal may be required before the IPsec tunnel can pass
packets. Turning NAT Traversal on enables the IKE protocol to discover whether or not one or
both ends of a tunnel is behind a NAT box, and implements a standard NAT traversal protocol if
NAT is not being performed.
The version of NAT traversal supported is that described in the IETF draft document draft-ietf-
ipsec-nat-t-ike-03.
To Next Page
Loading...
