Global Settings

To define a profile's VPN global settings:

  1. Select the Configuration tab from the Web UI.

  2. Select Profiles from the Configuration tab.

  3. Select Manage Profiles from the Configuration > Profiles menu.

  4. Select Security.

  5. Select VPN.

  6. Select the Global Settings tab.

    The Global Settings screen provides options for Dead Peer Detection (DPD). DPD represents the actions taken upon the detection of a dead peer within the IPSec VPN tunnel connection.

  7. Define the following IPSec Global settings:

    DF Bit

    Select the DF bit handling technique used for the ESP encapsulating header. Options include Clear, Set and Copy. The default setting is Copy.

    IPsec Lifetime (kb)

    Set a connection volume lifetime (in kilobytes) for the duration of an IPSec VPN security association. Once the set volume is exceeded, the association is timed out. Use the spinner control to set the volume from 500 - 2,147,483,646 kilobytes. The default setting is 4,608,000 kilobytes.

    IPsec Lifetime (seconds)

    Set a lifetime (in seconds) for the duration of an IPSec VPN security association. Once the set value is exceeded, the association is timed out. The available range is either Seconds (120 - 86,400), Minutes (2 - 1,440), Hours (1 - 24) or Days (1). The default setting is 3,600 seconds.

    Plain Text Deny

    Select global or interface to set the scope of the ACL. The default setting is global, expanding the rules of the ACL beyond just the interface.

    Enable IKE UniqueIds

    Select this option to initiate a unique ID check. This setting is disabled by default.

  8. Define the following IKEV1 Settings:

    DPD Keep Alive

    Define the interval (or frequency) for IKE keep alive messages for dead peer detection. Options include Seconds (10 - 3,600), Minutes (1 - 60) and Hours (1). The default setting is 30 seconds.

    DPD Retries

    Use the spinner control to define the number of keep alive messages sent to an IPSec VPN client before the tunnel connection is defined as dead. The available range is from 1 - 100. The default number of messages is 5.

    NAT Keep Alive

    Define the interval (or frequency) for NAT keep alive messages for dead peer detection. Options include Seconds (10 - 3,600), Minutes (1 - 60) and Hours (1). The default setting is 20 seconds.

  9. Define the following IKEV2 Settings:

    DPD Keep Alive

    Define the interval (or frequency) for IKE keep alive messages for dead peer detection. Options include Seconds (10 - 3,600), Minutes (1 - 60) and Hours (1). The default setting is 30 seconds.

    DPD Retries

    Use the spinner control to define the number of keep alive messages sent to an IPSec VPN client before the tunnel connection is defined as dead. The available range is from 1 - 100. The default number of messages is 5.

    NAT Keep Alive

    Define the interval (or frequency) for NAT keep alive messages for dead peer detection. Options include Seconds (10 - 3,600), Minutes (1 - 60) and Hours (1). The default setting is 20 seconds.

    Cookie Challenge Threshold

    Use the spinner control to define the number of half open IKE security associations (SAs) (from 1 - 100) that, when exceeded, enables the cookie challenge mechanism. This setting applies exclusively to IKEV2. The default setting is 5.

    Crypto NAT Pool

    Select the NAT pool used for internal source NAT on IPSec tunnels. NAT is used as an IP masquerading technique to hide private IP addresses behind a single, public facing, IP address.

  10. Select OK to save the updates made to the Global Settings screen. Selecting Reset reverts the screen to its last saved configuration.
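
An added example, not part of the vendor documentation: a Python check of a planned set of values against the ranges and defaults listed above, plus the approximate time before a silent peer is declared dead. It assumes that time is the DPD Keep Alive interval multiplied by DPD Retries, and it models one DPD set (the IKEV1 and IKEV2 ranges are identical). The dictionary keys and function names are hypothetical, not product identifiers.

```python
# Added example: ranges and defaults are the ones documented on this page.
# Keys and function names are hypothetical, not identifiers from the product.
UNIT = {"seconds": 1, "minutes": 60, "hours": 3600, "days": 86400}

# Allowed (min, max) per selectable unit.
RANGES = {
    "ipsec_lifetime_kb": {"kb": (500, 2_147_483_646)},
    "ipsec_lifetime": {"seconds": (120, 86_400), "minutes": (2, 1_440),
                       "hours": (1, 24), "days": (1, 1)},
    "dpd_keep_alive": {"seconds": (10, 3_600), "minutes": (1, 60), "hours": (1, 1)},
    "nat_keep_alive": {"seconds": (10, 3_600), "minutes": (1, 60), "hours": (1, 1)},
    "dpd_retries": {"count": (1, 100)},
    "cookie_challenge_threshold": {"count": (1, 100)},
}
DEFAULTS = {
    "ipsec_lifetime_kb": (4_608_000, "kb"),
    "ipsec_lifetime": (3_600, "seconds"),
    "dpd_keep_alive": (30, "seconds"),
    "nat_keep_alive": (20, "seconds"),
    "dpd_retries": (5, "count"),
    "cookie_challenge_threshold": (5, "count"),
}

def validate(settings):
    """Return (name, problem) pairs for values outside the documented ranges."""
    problems = []
    for name, (value, unit) in settings.items():
        allowed = RANGES.get(name)
        if allowed is None:
            problems.append((name, "unknown setting"))
        elif unit not in allowed:
            problems.append((name, f"unit {unit!r} not offered"))
        else:
            lo, hi = allowed[unit]
            if not lo <= value <= hi:
                problems.append((name, f"{value} {unit} outside {lo}-{hi}"))
    return problems

def dead_peer_window_seconds(settings):
    """Approximate seconds before a silent peer is declared dead.
    Assumption: keep alive interval multiplied by the retry count."""
    merged = {**DEFAULTS, **settings}
    value, unit = merged["dpd_keep_alive"]
    return value * UNIT[unit] * merged["dpd_retries"][0]

if __name__ == "__main__":
    planned = {"dpd_keep_alive": (2, "minutes"), "dpd_retries": (3, "count"),
               "ipsec_lifetime": (2, "days")}  # constructed sample values
    print(validate(planned))
    print(dead_peer_window_seconds(planned), "seconds")
```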