6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide
XAUTH Client If this is enabled, the SLC unit will send authentication credentials to the
remote host if they are requested. XAUTH, or Extended Authentication, can
be used as an additional security measure on top of the Pre-Shared Key or
RSA Public Key. This is typically used with Cisco peers, where the Cisco
peer is acting as an XAUTH server.
XAUTH Login (Client) If XAUTH Client is enabled, this is the login used for authentication.
XAUTH Password/Retype Password If XAUTH Client is enabled, this is the password used for authentication.
Remote Peer Type Defines the type of the remote peer, either IETF (non-Cisco) or Cisco.
When set to Cisco, support for Cisco IPsec gateway redirection and for
Cisco-obtained DNS and domain name is enabled. This option is deprecated
and is no longer supported.
Cisco Unity If enabled, sends the Cisco Unity vendor ID payload (IKEv1 only), indicating
that the SLC is acting as a Cisco Unity compliant peer. This indicates to the
remote peer that Mode Config is supported (an IKE configuration method
that is widely adopted, documented here).
Mode Config In remote access scenarios, it is highly desirable to be able to push
configuration information such as the private IP address, a DNS server's IP
address, and so forth, to the client. This option defines which mode is used:
pull where the config is pulled from the peer (the default), or push where
the config is pushed to the peer. Push mode is not supported with IKEv2.
Force Encapsulation In some cases, for example when ESP packets are filtered or when a
broken IPsec peer does not properly recognise NAT, it can be useful to
force RFC-3948 encapsulation.
Dead Peer Detection Sets the delay (in seconds) between Dead Peer Detection (RFC 3706)
keepalives (R_U_THERE, R_U_THERE_ACK) that are sent for the tunnel
(default 30 seconds). Dead Peer Detection can also be disabled.
Dead Peer Detection Timeout Sets the length of time (in seconds) the SLC will idle without hearing either
an R_U_THERE poll from the peer, or an R_U_THERE_ACK reply. The
default is 120 seconds. After this period has elapsed with no response and
no traffic, the SLC will declare the peer dead, remove the Security
Association (SA), and perform the action defined by Dead Peer Detection
Action.
Dead Peer Detection Action The action to take when a peer with Dead Peer Detection enabled is
declared dead. Hold (the default) means the tunnel will be put into a hold
status. Clear means the Security Association (SA) will be cleared. Restart
means the SA will immediately be renegotiated.
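How the three Dead Peer Detection settings above interact, as an added example that models the timers rather than reproducing the SLC's own implementation. Assumptions: a keepalive goes out once the tunnel has been silent for the delay, disabling DPD is modelled as a delay of 0, and all names (`DpdConfig`, `simulate`) are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class DpdConfig:
    delay: int = 30       # seconds between R_U_THERE keepalives (guide default)
    timeout: int = 120    # idle seconds before the peer is declared dead (guide default)
    action: str = "hold"  # hold | clear | restart (guide default: hold)

# Outcome of each Dead Peer Detection Action once the peer is declared dead.
RESULT = {"hold": "tunnel on hold",
          "clear": "SA cleared",
          "restart": "SA renegotiating"}

def simulate(cfg, heard_at, until):
    """Walk the tunnel timeline one second at a time.

    heard_at: constructed sample times (s) at which the peer was heard
              (R_U_THERE, R_U_THERE_ACK or tunnel traffic).
    Returns (times keepalives were sent, time peer declared dead or None, state).
    """
    if cfg.action not in RESULT:
        raise ValueError(f"unknown DPD action: {cfg.action!r}")
    if cfg.delay <= 0:  # assumption: delay 0 stands for "DPD disabled"
        return [], None, "up"
    heard = set(heard_at)
    last_heard = last_probe = 0
    probes = []
    for now in range(1, until + 1):
        if now in heard:
            last_heard = now
        # Timeout elapsed with no response and no traffic: peer is dead.
        if now - last_heard >= cfg.timeout:
            return probes, now, RESULT[cfg.action]
        # Silent for a full delay since the last sign of life or last probe.
        if now - max(last_heard, last_probe) >= cfg.delay:
            probes.append(now)
            last_probe = now
    return probes, None, "up"

if __name__ == "__main__":
    # Constructed timeline: peer last heard at t=40 s, then goes silent.
    print(simulate(DpdConfig(), [10, 40], 300))
    print(simulate(DpdConfig(delay=10, timeout=30, action="restart"), [5], 100))
```

With the defaults, a peer that goes silent is only declared dead 120 seconds after it was last heard, so the timeout, not the keepalive delay, bounds how long a failed tunnel goes unnoticed.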