Cisco OL-4015-08 User Manual page 306

VPN Global Settings
XAuth Timeout
IKE Identity
Dead Peer Detection
IPSec Security Association (SA) Lifetime (Sec)
Cisco Router and Security Device Manager Version 2.2 User's Guide
12-22
The number of seconds the router is to wait for a a system to respond to the XAuth
challenge.
Either the host name of the router or the IP address that the router will use to
identify itself in IKE negotiations.
Dead Peer Detection (DPD) enables a router to detect a dead peer and, if detected,
delete the IPSec and IKE security associations with that peer.
IKE Keepalive (Sec)
The value is the number of seconds that the router waits between sending IKE
keepalive packets.
IKE Retry (Sec)
The value is the number of seconds that the router waits between attempts to
establish an IKE connection with the remote peer. By default, "2" seconds is
displayed.
DPD Type
Either On Demand or Periodic.
If set to On Demand, DPD messages are sent on the basis of traffic patterns. For
example, if a router has to send outbound traffic and the liveliness of the peer is
questionable, the router sends a DPD message to query the status of the peer. If a
router has no traffic to send, it never sends a DPD message.
If set to Periodic, the router sends DPD messages at the interval specified by the
IKE Keepalive value.
The amount of time after which IPSec security associations (SAs) will expire and
be regenerated. The default is 3600 seconds (1 hour).
Chapter 12 VPN Global Settings
OL-4015-08