Cisco Small Business RV315W Administration Manual page 75

VPN
Configuring IPsec VPN Policies
STEP 7
Cisco RV315W Broadband Wireless VPN Router Administration Guide
- SA Lifetime: Enter the lifetime of the IPsec Security Association (SA).
The IPsec SA lifetime represents the interval after which the IPsec SA
becomes invalid. The IPsec SA is renegotiated after this interval. The
default value is 86400 seconds.
• 2rd Phase: Enter the following information:
- ESP Authentication Algorithm: Choose either SHA1 or MD5 as the ESP
authentication algorithm. The default is SHA1.
- ESP Encryption Algorithm: Choose the symmetric encryption algorithm
that protects data transmission between two IPsec peers. The advanced
encryption standard supports DES, 3DES, AES-128, AES-192, and AES-
256. The default is AES-256.
- PFS: Choose Enable to enable Perfect Forward Secrecy (PFS) to
improve security, or choose Disable to disable it. If you enable PFS, a DH
exchange is performed for every phase-2 negotiation. PFS is desired on
the keying channel of the VPN connection.
- SA Lifetime: Enter the values for the time-based SA lifetime and the flow-
based SA lifetime.
- DPD: Click Enable to enable Dead Peer Detection (DPD), or click Disable
to disable it. DPD is a method of detecting a dead Internet Key Exchange
(IKE) peer. This method uses IPsec traffic patterns to minimize the
number of messages required to confirm the availability of a peer. DPD is
used to reclaim the lost resources in case a peer is found dead and it is
also used to perform IKE peer failover. If you enable DPD, specify the
delay time and DPD timeout.
DPD Delay Time: Enter the value of delay time in seconds between
consecutive DPD R-U-THERE messages. DPD R-U-THERE messages are
sent only when IPsec traffic is idle.
DPD Timeout: Enter the value of detection timeout in seconds. If there
are no responses and no traffic over the timeout, declare the peer dead.
Click Save to save your settings.
6
72