Global Settings Configuration

About this task

To configure the VPN global settings:

Procedure

  1. Select the Global Settings tab.

    The Global Settings screen provides options for DPD (Dead Peer Detection). DPD represents the actions taken upon the detection of a dead peer within the IPSec VPN tunnel connection.

    Profile Security - Global VPN Settings tab
  2. Refer to the following fields to define IPSec security, lifetime and authentication settings:

    df bit

    Select the DF bit handling technique used for the ESP encapsulating header. Options include clear, set and copy. The default setting is copy.

    IPsec Lifetime (kb)

    Set a connection volume lifetime (in kilobytes) for the duration of an IPSec VPN security association. Once the set volume is exceeded, the association is timed out. Use the spinner control to set the volume from 500 - 2,147,483,646 kilobytes. The default setting is 4,608,000 kilobytes.

    IPsec Lifetime (seconds)

    Set a lifetime (in seconds) for the duration of an IPSec VPN security association. Once the set value is exceeded, the association is timed out. Options include Seconds (120 - 86,400), Minutes (2 - 1,440), Hours (1 - 24) or Days (1). The default setting is 3,600 seconds.

    Plain Text Deny

    Select global or interface to set the scope of the ACL. The default setting is global, expanding the rules of the ACL beyond just the interface.

    Enable IKE UniqueIds

    Select this option to initiate a unique ID check. This is disabled by default.

  3. Define the following IKEv1/IKEv2 DPD settings:

    DPD Keep Alive

    Define the interval (or frequency) of IKE keep alive messages for dead peer detection. Options include Seconds (10 - 3,600), Minutes (1 - 60) and Hours (1). The default setting is 30 seconds.

    DPD Retries

    Use the spinner control to define the number of keep alive messages sent to an IPSec VPN client before the tunnel connection is defined as dead. The available range is from 1 - 100. The default number of messages is 5.

    NAT Keep Alive

    Define the interval (or frequency) of NAT keep alive messages for dead peer detection. Options include Seconds (10 - 3,600), Minutes (1 - 60) and Hours (1). The default setting is 20 seconds.

    Cookie Challenge Threshold

    Use the spinner control to define the threshold (1 - 100) that, when exceeded, enables the cookie challenge mechanism.

    Crypto NAT Pool

    Use the drop-down menu to select the NAT pool for internal source NAT for IPSec tunnels.

  4. Select OK to save the updates made to the Global Settings screen.

    Selecting Reset reverts the screen to its last saved configuration.
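
An added example, not part of the vendor's documentation: a Python pre-check that normalizes planned values to seconds, validates them against the ranges and defaults listed in steps 2 and 3, and estimates how long DPD takes to declare a peer dead. The dictionary keys are hypothetical names, and the estimate assumes one keep-alive per interval with the peer declared dead after DPD Retries unanswered messages.

```python
# Added example: ranges and defaults are copied from the field descriptions
# on this page; the dictionary keys are hypothetical names, not product syntax.
UNIT = {"seconds": 1, "minutes": 60, "hours": 3600, "days": 86400}

# field -> (min, max, default); time values are normalized to seconds
LIMITS = {
    "ipsec_lifetime_kb": (500, 2_147_483_646, 4_608_000),
    "ipsec_lifetime_s": (120, 86_400, 3_600),
    "dpd_keep_alive_s": (10, 3_600, 30),
    "dpd_retries": (1, 100, 5),
    "nat_keep_alive_s": (10, 3_600, 20),
    "cookie_challenge_threshold": (1, 100, None),  # page states no default
}
CHOICES = {
    "df_bit": ({"clear", "set", "copy"}, "copy"),
    "plain_text_deny": ({"global", "interface"}, "global"),
}


def to_seconds(value, unit="seconds"):
    """Normalize a (value, unit) pair as entered in the UI to seconds."""
    return value * UNIT[unit.lower()]


def audit(settings):
    """Return (effective settings, problems); unset fields use the default."""
    effective, problems = {}, []
    for name, (lo, hi, default) in LIMITS.items():
        value = settings.get(name, default)
        if isinstance(value, tuple):        # e.g. (2, "minutes")
            value = to_seconds(*value)
        if value is None:                   # unset and no documented default
            continue
        if not lo <= value <= hi:
            problems.append(f"{name}: {value} outside {lo}-{hi}")
        effective[name] = value
    for name, (allowed, default) in CHOICES.items():
        effective[name] = settings.get(name, default)
        if effective[name] not in allowed:
            problems.append(f"{name}: {effective[name]!r} not in {sorted(allowed)}")
    return effective, problems


def dpd_detection_seconds(effective):
    """Approximate time to declare a peer dead (assumption: one keep-alive
    per interval, peer dead after dpd_retries unanswered messages)."""
    return effective["dpd_keep_alive_s"] * effective["dpd_retries"]
```

With every field left at its documented default, the estimate is 150 seconds, so changes to DPD Keep Alive and DPD Retries should be reviewed together.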