Robustel R5020 User Guide
RT_UG_R5020_v.1.0.2 Mar. 17, 2023 96/167
Select from “PFS (N/A)”, “DHgroup1”, “DHgroup2”, “DHgroup5”,
“DHgroup14”, “DHgroup15”, “DHgroup16”, “DHgroup17” or “DHgroup18”
to be used in SA negotiation.
Set the IPsec SA lifetime. When negotiating to set up IPsec SAs, IKE uses the
smaller one between the lifetime set locally and the lifetime proposed by
the peer.
Set the interval after which DPD is triggered if no IPsec protected packets is
received from the peer. DPD is a Dead peer detection. DPD irregularly
detects dead IKE peers. When the local end sends an IPsec packet, DPD
checks the time the last IPsec packet was received from the peer. If the time
exceeds the DPD interval, it sends a DPD hello to the peer. If the local end
receives no DPD acknowledgment within the DPD packet retransmission
interval, it retransmits the DPD hello. If the local end still receives no DPD
acknowledgment after having made the maximum number of
retransmission attempts, it considers the peer already dead, and clears the
IKE SA and the IPsec SAs based on the IKE SA.
Set the timeout of DPD (Dead Peer Detection) packets.
Click the toggle button to enable/disable this option. Enable to compress
the inner headers of IP packets.
Click the toggle button to enable/disable this option. When enabled, UDP
encapsulation of esp packets is forced even if NAT conditions are not
detected. This helps overcome restrictive firewalls.
Add more PPP configuration options here, format: config-desc; config-desc,
e.g. protostack=netkey;plutodebug=none
This section allows you to view the status of the IPsec tunnel.
User can upload the X509 certificates for the IPsec tunnel in this section.
To Next Page
Loading...
