Configure Advanced Client Options

First, Configure Layer 3 VPN Services.

This task is part of the network policy configuration workflow. Use this task to to configure the Advanced Client Options for a VPN service when you configure router settings.

  1. Go to Configure > Network Policies.
  2. Select an existing network policy, and then select Edit, or select Add.
  3. After you save the Policy Details, select 5 Branch Routing.
  4. From the Router Settings menu, select VPN Service.
  5. Select an existing VPN service, and then select Edit, or select Add.
  6. In the Optional Settings section, expand Advanced Client Options.
  7. Select Enable NAT Traversal to enable VPN traffic to traverse NAT devices.
  8. Configure the DPD (Dead Peer Detection) Settings.

    The DPD and tunnel heartbeat settings control when to fail over from the primary to the secondary VPN server. The DPD messages verify the presence of an IKE peer, and AMRP (Advanced Mobility Routing Protocol) tunnel heartbeats verify communications through the GRE and VPN tunnel. The failure of either mechanism can trigger a failover.

    1. Set the Heartbeat Interval for sending DPD R-U-There heartbeat messages from the VPN client to the VPN gateway.
    2. Set the number of times to retry sending a DPD R-U-There message when it does not elicit a response.
    3. Set the amount of time between retries.
  9. Select SAVE.
9038986-00 Rev AA