Virtual Private Network > Connections
Virtual Private Network
RM GUI HiSecOS EAGLE20/30, Release 3.0, 09/2015
Version
  Specifies the version of the IKE protocol to use for the VPN connection.
  Possible values:
    auto (default setting)
      The VPN starts with protocol IKEv2 as the initiator and accepts IKEv1/v2 as the responder.
    ikev1
      The VPN uses the IKE version 1 (ISAKMP) protocol.
    ikev2
      The VPN uses the IKE version 2 protocol.
Startup
  Specifies if the device starts this instance as a responder or initiator.
  When you specify the local peer as the responder, and the remote peer sends traffic to a specific selector, then the device attempts to establish the connection as the responder. Establishing a connection as a responder depends upon other settings for this connection. For example, if you specify the "Remote Endpoint" as any, then it is not possible to initiate the connection.
  Possible values:
    initiator
      When the instance starts as an initiator, it begins an IKE negotiation with the responder.
    responder
      If you specify that the instance starts as a responder, then it waits for the initiator to start the IKE and parameter negotiation.
DPD Timeout [s]
  Specifies the timeout, in seconds, after which the local peer declares the remote peer dead if the remote peer is unresponsive.
  Possible values:
    0..86400 (default setting: 120)
      The value 0 disables this feature. The default setting is 2 minutes and the maximum setting is 24 hours.
IKE Lifetime [s]
  Specifies the lifetime, in seconds, of the IKE security association between two network devices to support secure communication. The devices establish a security association after exchanging a set of pre-defined keys.
  Possible values:
    300..86400 (default setting: 28800)
      The default setting is 8 hours and the maximum setting is 24 hours.
IKE Exchange Mode
  Specifies the phase 1 exchange mode to use for IKEv1.
  The purpose of IKE phase 1 is to establish a secure authenticated communication channel. The device uses the Diffie–Hellman key exchange algorithm to generate a shared secret key. The device then uses the shared secret key to further encrypt IKE communications.
  Possible values:
    main (default setting)
      The main mode for phase 1 provides identity protection.
    aggressive
      You use the aggressive mode to reduce round trips.
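The following is an added example, not part of the manual and not Hirschmann code: a small review script that checks one connection's settings against the value ranges and interactions described in this table. The dictionary key names and the sample connections are assumptions made for illustration and do not correspond to a HiSecOS export format.

```python
# Added example: lint for the connection parameters described in this table.
# Key names are hypothetical; they are not a HiSecOS configuration format.
ENUMS = {
    "version": ("auto", "ikev1", "ikev2"),
    "startup": ("initiator", "responder"),
    "exchange_mode": ("main", "aggressive"),
}
RANGES = {"dpd_timeout": (0, 86400), "ike_lifetime": (300, 86400)}
# Only the defaults that the table states explicitly.
DEFAULTS = {"version": "auto", "dpd_timeout": 120,
            "ike_lifetime": 28800, "exchange_mode": "main"}

def lint_connection(settings):
    """Return a list of (severity, message) findings for one connection."""
    cfg = {**DEFAULTS, **settings}
    findings = []
    for key, allowed in ENUMS.items():
        if key in cfg and cfg[key] not in allowed:
            findings.append(("error", f"{key}: {cfg[key]!r} not in {allowed}"))
    for key, (low, high) in RANGES.items():
        value = cfg[key]
        is_int = isinstance(value, int) and not isinstance(value, bool)
        if not is_int or not low <= value <= high:
            findings.append(("error", f"{key}: {value!r} outside {low}..{high}"))
    if cfg["dpd_timeout"] == 0:
        findings.append(("warning", "dpd_timeout: 0 disables dead peer detection"))
    # The exchange mode applies to IKEv1, which 'auto' still accepts as responder.
    if cfg["exchange_mode"] == "aggressive" and cfg["version"] != "ikev2":
        findings.append(("warning", "exchange_mode: aggressive gives up the "
                                    "identity protection of main mode"))
    if cfg.get("startup") == "initiator" and cfg.get("remote_endpoint") == "any":
        findings.append(("error", "startup: cannot initiate when the "
                                  "remote endpoint is 'any'"))
    return findings

# Constructed sample connections (documentation address range).
SAMPLES = {
    "site-a": {"version": "ikev2", "startup": "initiator",
               "remote_endpoint": "192.0.2.10"},
    "site-b": {"version": "ikev1", "exchange_mode": "aggressive",
               "startup": "initiator", "remote_endpoint": "any",
               "dpd_timeout": 0, "ike_lifetime": 120},
}

if __name__ == "__main__":
    for name, settings in SAMPLES.items():
        for severity, message in lint_connection(settings):
            print(f"{name}: {severity}: {message}")
```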