Table of Contents
Advertisement
Hello Interval
Enter the time in seconds to wait when the L2TP tunnel is idle (no control or payload packets received)
before sending a Hello (or "keep-alive") packet to the remote client. Minimum is 1 , maximum is 3600 ,
and default is 60 seconds.
Apply / Cancel
To apply your L2TP settings and to include them in the active configuration, click Apply . The Manager
returns to the Configuration | System | Tunneling Protocols screen.
Reminder:
To save the active configuration and make it the boot configuration, click the Save Needed icon at the
top of the Manager window.
To discard your settings, click Cancel . The Manager returns to the Configuration | System | Tunneling
Protocols
Configuration | System | Tunneling Protocols | IPSec
This section of the Manager lets you configure IPSec LAN-to-LAN connections, and IKE (Internet Key
Exchange) parameters for IPSec Security Associations and LAN-to-LAN connections.
IPSec provides the most complete architecture for VPN tunnels, and it is perceived as the most secure
protocol. Both LAN-to-LAN connections and client-to-LAN connections can use IPSec.
In IPSec terminology, a "peer" is a remote-access client or another secure gateway. During tunnel
establishment under IPSec, the two peers negotiate Security Associations that govern authentication,
encryption, encapsulation, key management, etc. These negotiations involve two phases: first, to
establish the tunnel (the IKE SA); and second, to govern traffic within the tunnel (the IPSec SA).
In IPSec LAN-to-LAN connections, the VPN Concentrator can function as initiator or responder. In
IPSec client-to-LAN connections, the VPN Concentrator functions only as responder. Initiators propose
SAs; responders accept, reject, or make counter-proposals—all according to configured SA parameters.
To establish a connection, both entities must agree on the SAs.
The Cisco VPN 3000 Client complies with the IPSec protocol and is specifically designed to work with
the VPN Concentrator. However, the VPN Concentrator can establish IPSec connections with many
protocol-compliant clients. Likewise, the VPN Concentrator can establish LAN-to-LAN connections
with other protocol-compliant VPN devices (often called "secure gateways").
The Cisco VPN 3000 Client supports these IPSec attributes:
• Aggressive Negotiation Mode
• Authentication Algorithms:
– ESP-MD5-HMAC-128
– ESP-SHA1-HMAC-160
• Authentication Modes:
– Preshared Keys
– X.509 Digital Certificates
• Diffie-Hellman Group 1
• Encryption Algorithms:
– DES-56
– 3DES-168
VPN 3000 Concentrator Series User Guide
screen.
Configuration | System | Tunneling Protocols | IPSec
7-7
Hide quick links:
Advertisement
Table of Contents
